Snort mailing list archives

RE: SMTP Virus Gateway


From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Fri, 14 Jun 2002 12:22:41 -0400

I've always used McAfee WebShield SMTP with great success.  Then again, I also do a blanket drop of all .exe, .vbs, .bat, etc.

<OT Rant>
Virii are ever-changing, and are spreading faster and faster.  And as many improvements as we've seen in AV, we're still seeing large-scale global infections.  Given these conditions, I can think of *very* few excuses for an administrator to continue allowing the aforementioned attachments (and others, not listed for the sake of brevity).  At some point folks need to learn that the software won't always save your a**, and that we need to start being intrusive/proactive.
</OT Rant> 

In short, we could spend weeks talking about which AV gateways let which virii pass through the filters, but it's largely irrelevant.  The problem *can* be fixed.  Getting back on topic: McAfee (properly configured) works great for me, and always has!

Cheers!

Keith


-----Original Message-----
From: Joshua James [mailto:joshua.james () steritech com]
Sent: Friday, June 14, 2002 12:04 PM
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] SMTP Virus Gateway


On Fri, 2002-06-14 at 11:39, Madziarczyk, Jonathan wrote:
Hey all,
 
  So I've got my snort rules set up to alert on possible Klez Viruses (as
well as other e-mail transferred viruses, like Code Red, etc).  That seems
to be working pretty well.  As expected, I do seem to be missing some resets
via flexresp and I'd prefer not to use it anyway just to avoid blocking
false positives.  Is there a product out there that works well at blocking
inbound/outbound viruses on e-mail?  I'm trying to find something that works
on both straight SMTP (unix and listservs) and ESMTP (Exchange).  So what do
the experts (you) recommend?

NOT Norton AntiVirus gateway. I can't speak for anything except the
version I use but if the company handles any other version the same way
I'd stay away. Both SirCam and Klez come right through. I already had to
upgrade once for SirCam, I'm not doing it again. I need to find a new
product as well.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
