Re: Virus Checking on Firewall
On Thu, 27 Sep 2001, Jim Penny wrote:
> On Thu, Sep 27, 2001 at 10:58:26AM -0400, Richard A Nelson wrote:
> > On Wed, 26 Sep 2001, Chad Morgan wrote:
> > > I was wondering what the best way (if any) of stopping email viruses
> > > through a firewall.
> > Put your virus scanner there...
> I respectfully disagree with this.
> The questioner specifically said that people were fetching mail
> from outside services. Presumably this means POP, IMAP, and
> probably webmail, and if webmail, probably HTTPS webmail.

Indeed, I was thinking only of a fetchmail type setup. Anything
more complicated has little chance of working at all.

> Also, I don't really think that a virus scanner belongs on a firewall.
> These tend to be very heavy and closed source. I would worry
> Denial of Service Attacks and even straight attacks on the virus

I'll agree that there are problems with virus scanners and *any*
kind of mailhub (firewall or not), but I see more pressure being
put on folk to do so anyway... The mailhub is a better place
than the firewall, and about the only hope (currently) of stopping
things like the mail spreading of Nimda, etc...

> In my opinion, the only thing to do is to make it more difficult
> for the end users to shoot themselves in the foot. (Amazing how
> many times they can shoot themselves in the foot and expect us
> to come along and patch them up again.)

ohhh - flashback to college and Adventure (750pt version) - there
was a long missive after so many (3?) reincarnations ;-)

> This means that the
> mail client absolutely, positively must not automatically handle
> no VBS, nothing but text. And it absolutely must not hide extensions,
> ever. I.e. kill LookOut!, kill LookOut Real Fast!, kill Rotus Motes,
> and you might have a chance.

Amen! However, that's a long row to hoe... And will be helped by
carp like Nimda -
CR and Nimda put a hell of a crimp on the IBM infernal network,
and my daughter is part of a group hitting every Scott Co school
to eradicate these beasties

<jim> Lemme make sure I'm not wasting time here... bcwhite will remove
pkgs that haven't been fixed that have outstanding bugs of severity
"important". True or false?
<JHM> jim: "important" or higher. True.
<jim> Then we're about to lose ftp.debian.org and dpkg :)
* netgod will miss dpkg -- it was occasionally useful
<Joey> We still have rpm....