
RE: Corporate Anti-virus solutions



I have used Sophos a lot in the past; I was not aware of a Linux client
though.
I found it was a particularly fast AV scanner when used to scan many small
files, such as on an email filtering box, like Mimesweeper.  But I did not
like the update methods.   Basically wget, iirc.

As for Nortons/Symantec, I have to say I do recommend it for large MS-based
enterprises; the deployment is a doddle, I have pushed out 1000s of clients
over a night time.

The tree-like/cascading configuration for the update servers is also very
good, especially over slow WAN links.

Cross platform, I can only say it was good for win98/NT/win2k and Netware,
not so hot for command line, good integration with Outlook and Exchange.
Dreadful/non-existent deploy/management for Macs.

AV products are as much to do with upkeep and management as they are
catching viruses.

Matt


-----Original Message-----
From: nate [mailto:debian-user@aphroland.org] 
Sent: Tuesday, 29 October 2002 10:18 AM
To: debian-user@lists.debian.org
Subject: Re: Corporate Anti-virus solutions


Curtis Vaughan said:
> One year ago, our organization was totally MS. So, for our corporate 
> anti-virus product we have been using Norton Anti-virus corporate 
> edition.
>
> Now, our organization is 50/50 Linux/MS. Norton anti-virus is not 
> available for linux, so I'm wondering what other options there may be 
> for a corporate environment, which option is recommended by some of 
> you out there!
>
> Personally, I would like one that would also work with our mail 
> servers (1 exchange server, 1 postfix server).
>
> Currently, all linux machines use clamav, btw.  Maybe this is good 
> enough?


I can't recommend Sophos enough. I've always hated Symantec. I don't know
what it is about them that drives chills down my spine but I just can't
stand them.

Sophos is great because they support a diverse selection of platforms,
provide incremental (e.g. 10kb or so) updates, their upgrades are just plain
files, no "smart update" with binary patches to the virus defs like some
other vendors do, so updates are easy to deploy (extract the files..). For
Win32 they have an auto upgrade thing: if you have a Win32 server you can
make a "server" install and install the client "versions" on the clients and
have them check for updates every so often (default is every 10 minutes). When
an update is detected it removes & reinstalls the product automatically (with
or without user interaction depending on your preferences). It allows the
user to postpone an update if they are doing something (again you can
override this as the admin). You can do a "remote" install without being on
the user's system (win2000 computers need the "remote registry editor"
service or whatever it's called enabled for it to work). The software will
automatically disable itself after 3 months of no upgrades, forcing users to
upgrade, which I think is good; old AV software is a false sense of
security (it will also send a big warning if you try to run it after 3
months; after 1 month it warns you to upgrade, saying you have 2 months until
the software stops working or something). I came up with a quick script to
update the server nightly and then the clients would update automatically
each night. Worked quite well.

Unix side is even easier, no software to maintain, just use the normal tools
to copy the updated files around (no daemons to restart or anything).
Upgrading the package itself, just copy the files over and run the installer
script (it's non-interactive so can be run automatically if you wish).

Upgrades are available from their website, and they send you a CD each
month. One of the best features is the license: they allow employees of a
company full and unrestricted use of the software on their home computers.
So I put up a website where employees could download the software and use at
home if they wanted. Even FreeBSD/Solaris/Linux versions.

The Win32 server-client version also has an "admin tool" where you can check
the status of the workstations and servers to see what versions are
installed, what updates are installed, and the status of the
software (running/disabled/etc).

The only real downside is the auto-upgrade for Win32 upgrades the whole
installation rather than just an incremental update. This uses a lot of
bandwidth; on a LAN it's not an issue for me, but dialup users and stuff can
be caught waiting for a while while it downloads(*) :)

Their sales staff is quite knowledgeable, and as another added bonus they
have sworn (more or less) to NOT co-operate with the FBI in "not detecting"
the FBI's trojans. Symantec (& I think McAfee) said at one point they would
not detect the FBI's trojans (I think they later changed their views so that
they would though). Being a UK company Sophos doesn't have as much incentive
to support the FBI. Sophos turned me onto amavis back in 2000, and they do
have people that monitor the amavis mailing list (perhaps other lists too).
The product is quite good, well supported under Linux.

The price is not bad either, compared to McAfee at least. I think when I
re-purchased it earlier this year for, 50 users I think, for their full
blown package (server+client), it was about 60% cheaper than Symantec (on the
desktop) and Sophos (on the mail server) was a year earlier (part of that was
major downsizing so we didn't have a need for as many licenses).


(*) You could come up with your own method to upgrade incrementally if you
wanted, I am certain of it; the auto upgrader does not distinguish between
incremental upgrades and version upgrades, everything is considered a
version upgrade. This could be advantageous in case somehow the software got
trojaned; having a new installation may be "cleaner" in some cases.



