
Re: Corporate Anti-virus solutions



Curtis Vaughan said:
> One year ago, our organization was totally MS. So, for our corporate
> anti-virus product we have been using Norton Anti-virus corporate
> edition.
>
> Now, our organization is 50/50 Linux/MS. Norton anti-virus is not
> available for Linux, so I'm wondering what other options there may be
> for a corporate environment, which option is recommended by some of you
> out there!
>
> Personally, I would like one that would also work with our mail servers
> (1 exchange server, 1 postfix server).
>
> Currently, all Linux machines use ClamAV, btw.  Maybe this is good
> enough?


I can't recommend Sophos enough. I've always hated Symantec. I don't
know what it is about them that drives chills down my spine but I
just can't stand them.

Sophos is great because they support a diverse selection of platforms,
provide incremental (e.g. 10kb or so) updates, their upgrades are
just plain files, no "smart update" with binary patches to the virus
defs like some other vendors do, so updates are easy to deploy (extract
the files..). For Win32 they have an auto upgrade thing: if you have a
Win32 server you can make a "server" install and install the client
"versions" on the clients and have them check for updates every so
often (default is every 10 minutes). When an update is detected it
removes & reinstalls the product automatically (with or without user
interaction depending on your preferences). It allows the user to
postpone an update if they are doing something (again you can override
this as the admin). You can do a "remote" install without being on
the user's system (Win2000 computers need the "remote registry editor"
service or whatever it's called enabled for it to work). The software
will automatically disable itself after 3 months of no upgrades, forcing
users to upgrade, which I think is good; old AV software is a false
sense of security (it will also send a big warning if you try to run
it after 3 months; after 1 month it warns you to upgrade, saying you
have 2 months until the software stops working or something). I came
up with a quick script to update the server nightly and then the clients
would update automatically each night. Worked quite well.

Unix side is even easier, no software to maintain, just use the normal
tools to copy the updated files around (no daemons to restart or
anything). Upgrading the package itself, just copy the files over
and run the installer script (it's non-interactive so can be run
automatically if you wish).

Upgrades are available from their website, and they send you a CD
each month. One of the best features is the license: they allow employees
of a company full and unrestricted use of the software on their home
computers. So I put up a website where employees could download the
software and use it at home if they wanted. Even FreeBSD/Solaris/Linux
versions.

The Win32 server-client version also has an "admin tool" where you
can check the status of the workstations and servers to see what
versions are installed, what updates are installed, and the status
of the software (running/disabled/etc).

The only real downside is the auto-upgrade for Win32 upgrades the
whole installation rather than just an incremental update. This
uses a lot of bandwidth; on a LAN it's not an issue for me, but dialup
users and stuff can be caught waiting for a while while it downloads(*) :)

Their sales staff is quite knowledgeable, and as another added bonus
they have sworn (more or less) to NOT co-operate with the FBI in
"not detecting" the FBI's trojans. Symantec (& I think McAfee) said
at one point they would not detect the FBI's trojans (I think they
later changed their views so that they would though). Being a UK
company Sophos doesn't have as much incentive to support the
FBI. Sophos turned me onto amavis back in 2000, and they do have
people that monitor the amavis mailing list (perhaps other lists
too). The product is quite good, well supported under Linux.

The price is not bad either, compared to McAfee at least. I think
when I re-purchased it earlier this year for, 50 users I think,
for their full blown package (server+client), it was about 60% cheaper
than Symantec (on the desktop) and Sophos (on the mail server) was a
year earlier (part of that was major downsizing so we didn't have a
need for as many licenses).


(*) You could come up with your own method to upgrade incrementally
if you wanted, I am certain of it; the auto upgrader does not
distinguish between incremental upgrades and version upgrades, everything
is considered a version upgrade. This could be advantageous in case
somehow the software got trojaned; having a new installation may
be "cleaner" in some cases.




