Educause Security Discussion mailing list archives
Re: Exchange Server Virus Scanning
From: Graham Toal <gtoal () UTPA EDU>
Date: Fri, 17 Feb 2006 10:31:41 -0600
Our edu is contracted with Mcafee for client protection and that layer is very beneficial.
I forgot to mention in my summary of anti-virus+spam protection for Exchange: it is a very good idea to have a different AV product in your external filter from the one you have on your server, and from the one you have on your desktops. None of these guys are perfect, and it has happened more than once that one of our AV products had broken its automatic updates, but we remained protected because at least one of the others still worked. The worst scare we had was when both clamav and uvscan updates broke at the same time and we were protected only by our desktop AV. Losing your automatic updates is insidious because it is not immediately obvious that it has happened. We noticed it because we do end-of-month summaries of our virus figures for a state agency, and spotted that the distribution of detections had moved from the mail filter to the desktop. For us the biggest determiner for desktop AV is how well it can be centrally managed. Stopping direct machine-to-machine worm transmission is pretty much a licked problem (at the network level). The majority of issues now come from trojans that people click on from email or web sites. Stopping those doesn't really need an AV solution, more a systems management one. I think in the future the emphasis has to shift to ways of not allowing *any* unapproved software to run on the desktop in the first place, rather than what is effectively an after-the-fact cleanup process that is done by current AV products. We probably do still need those to catch things like buffer overflow exploits, but they should be the last line of defence, and more akin to a host-based IDS like tripwire. Graham
Current thread:
- Re: Exchange Server Virus Scanning, (continued)
- Re: Exchange Server Virus Scanning Fretz, Kerry (Feb 16)
- Re: Exchange Server Virus Scanning Lucas, Bryan (Feb 16)
- Re: Exchange Server Virus Scanning Wehner, Paul (wehnerpl) (Feb 16)
- Re: Exchange Server Virus Scanning Flagg, Martin D. (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Michael_Maloney (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Wehner, Paul (wehnerpl) (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Hall, Rand (Feb 17)
- Re: Exchange Server Virus Scanning Tim Rhoades (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Alan Amesbury (Feb 17)
- Re: Exchange Server Virus Scanning Graham Toal (Feb 17)
- Re: Exchange Server Virus Scanning Jeremy Mooney (Feb 17)