Re[2]: Virus protection by unix (was Re: To the Debian Project... )
Hello Ted,
On Wednesday, September 22, 1999, you wrote:
TH> On 21-Sep-99 David Wright wrote:
>> Quoting Keith G. Murphy (keithmur@mindspring.com):
>>> Art Lemasters wrote:
>>> > BTW, I recently worked a contract for a corporation that uses
>>> > nothing but NT servers and workstations. The machines were rebooted
>>> > every two or three days, and complete images were installed to them
>>> > once a week or more. Granted, though, the employees there were
>>> > actually
>>> > allowed to send and receive e-mail to their workstations via the
>>> > Internet with no UNIX server to protect them!
>>> >
>>> Semi-serious question:
>>>
>>> How does a UNIX server protect them against viruses (I assume that's
>>> what you mean)? Do they die in the arid environment of the server?
>>> ;-)
>>
>> I think unix servers are generally virus-neutral. Most of the products
>> that claim to scan emails, for example, at gateways seem to be built
>> for NT and Netware. Perhaps this is one reason why so much anti-virus
>> scanning is left to the end-user, which makes it much more expensive
>> as well as hit-and-miss. (I for one have no idea how to scan a floppy/
>> email/downloaded file with a virus scanner.)
TH> I suggest having a look at AMaViS - A Mail Virus Scanner
TH> See: http://satan.oih.rwth-aachen.de/AMaViS/amavis.html
TH> This is a (quite complex) script which allows you to apply your favourite
TH> ported-to-Linux virus scanner to email (it includes code for extracting
TH> attachments which may be uuencoded, base64-encoded, gzipped, tarred, etc,
TH> and subjecting each attachment to the scanner).
TH> You will also need to download a good virus scanner from a suitable
TH> source. I use the McAfee "uvscan"; the docs to AMaViS suggest other
TH> choices as well.
TH> You can also use this software to scan directories containing Word
TH> documents etc, if you keep such stuff.
TH> I also set up my mailer (XFMail) so that I can pipe an email to
TH> the scanner if it has an attachment which contains MS files (in fact
TH> I don't otherwise bother with routine virus scanning of email).
TH> Hope this helps,
TH> Ted.
TH> --------------------------------------------------------------------
TH> E-Mail: (Ted Harding) <Ted.Harding@nessie.mcc.ac.uk>
TH> Date: 21-Sep-99 Time: 16:02:03
TH> ------------------------------ XFMail ------------------------------
I currently use Amavis together with McAffee's uvscan to accomplish
just this on a SLINK box that is the mail gateway for the enterprise.
The only downside though, is that for Amavis to work correctly,
sendmail must be used. I would prefer either Exim or Postfix. The
developers of Amavis have indicated they will "port" their script to
other mailers as well.
All round, the system works well. The system has trapped viruses,
indicated to the receiver that it has done so, and also mails the
sender that a virus was found in the mail, and suggests a virus scan
on the senders machine be done.
Interestingly enough, if more institutions used this approach to virus
scanning in e-mails, wild spread of virii such as melissa and happy
worm should not happen, as all these mails that are auto-generated
would be stopped at mail gateways. More importantly, the sender would
receive a flurry of mails indicating such a virus was "at work" on
his machine.
Best regards,
Brandon
mailto:bmberetta@bigpond.com Wednesday, September 22, 1999 8:26 AM (AEST)
Reply to: