Snort mailing list archives
RE: SMTP Virus Gateway
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Fri, 14 Jun 2002 12:22:41 -0400
I've always used McAfee WebShield SMTP with great success. Then again, I also do a blanket drop of all .exe, .vbs, .bat, etc. <OT Rant> Virii are ever-changing, and are spreading faster and faster. And as many improvements as we've seen in AV, we're still seeing large-scale global infections. Given these conditions, I can think of *very* few excuses for an administrator to continue allowing the aforementioned attachments (and others, not listed for the sake of brevity). At some point folks need to learn that the software won't always save your a**, and that we need to start being intrusive/proactive. </OT Rant> In short, we could spend weeks talking about which AV gateways let which virii pass through the filters, but it's largely irrelevant. The problem *can* be fixed. Getting back on topic: McAfee (properly configured) works great for me, and always has! Cheers! Keith -----Original Message----- From: Joshua James [mailto:joshua.james () steritech com] Sent: Friday, June 14, 2002 12:04 PM Cc: 'snort-users () lists sourceforge net' Subject: Re: [Snort-users] SMTP Virus Gateway On Fri, 2002-06-14 at 11:39, Madziarczyk, Jonathan wrote:
Hey all, So I've got my snort rules set up to alert on possible Klez Viruses (as well as other e-mail transferred viruses, like Code Red, etc). That seems to be working pretty well. As expected, I do seem to be missing some resets via flexresp and I'd prefer not to use it anyway just to avoid blocking false positives. Is there a product out there that works well at blocking inbound/outbound viruses on e-mail? I'm trying to find something that works on both straight SMTP (unix and listservs) and ESMTP (Exchange). So what do the experts (you) recommend?
NOT Norton AntiVirus gateway. I can't speak for anything except the version I use but if the company handles any other version the same way I'd stay away. Both SirCam and Klez come right through. I already had to upgrade once for SirCam, I'm not doing it again. I need to find a new product as well. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: SMTP Virus Gateway McCammon, Keith (Jun 14)
- RE: SMTP Virus Gateway K.S.NARAYANAN (Jun 16)
- <Possible follow-ups>
- RE: SMTP Virus Gateway matt (Jun 14)