Re: [cobalt-users] Spam and AV protection
- Subject: Re: [cobalt-users] Spam and AV protection
- From: Parker Morse <morse@xxxxxxxxxxx>
- Date: Tue Dec 11 14:37:16 2001
- Organization: Sinauer Associates, Inc.
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Troy says...
> I would like our Virus Engine to have DAT files available for download on a
> scripted basis.
and quotes me before putting me on the spot:
>> I'd start with the Sanitizer. I think the address was posted a few days
>> ago,
> Where would you end? Can you expound on this subject (sounds like you are
> experienced) a little more? Have you implemented a Virus Engine and if so
> what do you use?
Well, to give a trick answer, I wouldn't end. System security is an ongoing
project, and there's always something to be evaluated or re-evaluated.
ORBZ and the Sanitizer are the only two stages of our email/virus security
layers which live on our Qube. We don't virus-scan our emails at the server
layer. The Wintel machines in the office are all set up with Norton
Anti-Virus Corporate, with an NT server grabbing LiveUpdate virus definition
files and passing them along to the desktops. The rest of us are on Macs,
using NAV or Virex.
The next line of defense is me. :-)
Where I'd go from here... continue evaluating the Sanitizer vs. other
filtering solutions. Make sure I keep up on the Sanitizer's ruleset. (The
author updates it.) Keep an eye on our email bounces and our users' spam to
see if I should be using another DNSBL. Educate my users about virii. etc.
etc....
By the way, two more pages that are worth looking at are John Conover's
procmail stuff. See <http://www.johncon.com/john/QuarantineAttachments/> for
quarantining attachments, and
<http://www.johncon.com/john/StochasticUCEDetection/> for "Stochastic UCE
detection."
For both this and the Sanitizer, you don't have to know procmail, but it
helps a lot. (I'm learning.)
pjm