Security Basics mailing list archives
Re: about viruswall?
From: chort <chort () amaunetsgothique com>
Date: 21 Sep 2003 00:30:15 -0700
On Wed, 2003-09-10 at 08:50, Gabriel Orozco wrote:
Thanks, Sebastian It was the concept what I did not understood, since as you pointed, I use Linux + QMail + qmailscan + fprot to scan virus, and in the chain of events, no email will pass without being checked for virus first. I update twice every hour, and since I had no problems with email more than the tons of warnings of viruses deleted I receive from qmailscan since I'm the postmaster. so, this is the same concept of a Viruswall. Then I keep saying the same: With an antivitus running in your SMTP server is more than enough. but you first need to choose carefully which solution to use. It seems that Linux+{QMail | Postfix | Exim | Sendmail } is a better way to go Best Regards Gabriel
That is a very good solution, but I would still say that it's better in principle to scan incoming traffic of any kind in the DMZ, before allowing it to your internal network. I'm loath to let any protocols have direct access to the internal net and the internal machines, simply because a single compromise will essentially open your entire network to attack. Even "secure" boxes can be compromised, as hinted at by the latest patches for OpenSSH. I'm very glad I discontinued ssh access from the outside to my internal net, and instead forced it to terminate in the DMZ (with no DMZ -> LAN access). The latest Sendmail exploits are another excellent reason why not to allow traffic directly into your internal net. Of course, due to budget, topology, politics, etc it's not always possible to setup your network like that, but it is the "best practice" (that goes for any service, HTTP, FTP, DNS, etc). -- Brian Keefer --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: about viruswall? chort (Sep 02)
- Re: about viruswall? Gabriel Orozco (Sep 02)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Gabriel Orozco (Sep 10)
- Re: about viruswall? chort (Sep 22)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Gabriel Orozco (Sep 02)
- <Possible follow-ups>
- RE: about viruswall? Renato_Joves (Sep 02)