Full Disclosure mailing list archives
RE: antivirus s/w
From: "Kevin Cherry" <kevin.cherry () leggett com>
Date: Tue, 27 Jan 2004 13:03:47 -0600
One product you might want to look into is Cisco Security Agent or CSA. CSA runs on all NT Class machines and works as a kind of a Personal Firewall. It does this through OS behavior monitoring and then reports any suspicious activity to a centralized console called VMS. The VMS console can read the log information leading up to a successful block and compare that information from other CSA agents running on other machines to determine if a new rule needs to be generated and pushed out to the clients to block a new worm or attack that may be active on your network.

CSA's rules can be customized down to a very detailed level and provide a proactive approach for combating new viruses and system compromise attempts, and it does not need any definitions to do so, because it works by monitoring OS behavior. CSA will also work in combination with Cisco VPN concentrators by only allowing machines that have CSA running to connect to the VPN.

Here are some links for more info.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
http://www.cisco.com/en/US/products/sw/cscowork/ps2330/

If I made any mistakes in my description please let me know, as I was only told this information at a Cisco Security Seminar and I may have forgotten some things or explained them incorrectly.

Kevin

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gadi Evron
Sent: Tuesday, January 27, 2004 5:10 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] antivirus s/w

Patrick J Okui wrote:
> Hi all, (.*flames.*>/dev/null)
>
> 1. I'm trying to decide on an AV solution for a campus wide n/w. I'm basically looking for something that'll respond as quick as possible to new viruses. I'm currently evaluating NAV, and Fprot. Any other suggestions/recommendations?
To install on every workstation or to filter malware from email?
> 2. Fprot have an AV 4 linux/bsd workstations....does this just scan for virii from infected winbloze or are there un*x virii I'm ignorant about?
A better question would be.. rootkits?

Gadi Evron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html