[Snort-users] SMTP Virus Gateway

K.S.NARAYANAN knarayan at ...5994...
Sun Jun 16 21:20:04 EDT 2002


Visit www.mspl.net also. We are using it with a lot of customization
(thanks to mspl) to suit our needs, like attachment blocking with an exception
list (VVIP users), monitoring (perl cgi) scripts from unix boxes,
etc.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of McCammon, Keith
Sent: Friday, June 14, 2002 9:53 PM
To: Joshua James
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] SMTP Virus Gateway

I've always used McAfee WebShield SMTP with great success.  Then again, I
also do a blanket drop of all .exe, .vbs, .bat, etc.

<OT Rant>
Virii are ever-changing, and are spreading faster and faster.  And as many
improvements as we've seen in AV, we're still seeing large-scale global
infections.  Given these conditions, I can think of *very* few excuses for
an administrator to continue allowing the aforementioned attachments (and
others, not listed for the sake of brevity).  At some point folks need to
learn that the software won't always save your a**, and that we need to
start being intrusive/proactive.
</OT Rant>

In short, we could spend weeks talking about which AV gateways let which
virii pass through the filters, but it's largely irrelevant.  The problem
*can* be fixed.  Getting back on topic: McAfee (properly configured) works
great for me, and always has!

Cheers!

Keith


-----Original Message-----
From: Joshua James [mailto:joshua.james at ...6094...]
Sent: Friday, June 14, 2002 12:04 PM
Cc: 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] SMTP Virus Gateway


On Fri, 2002-06-14 at 11:39, Madziarczyk, Jonathan wrote:
> Hey all,
>
>   So I've got my snort rules set up to alert on possible Klez Viruses (as
> well as other e-mail transferred viruses, like Code Red, etc).  That seems
> to be working pretty well.  As expected, I do seem to be missing some resets
> via flexresp and I'd prefer not to use it anyway just to avoid blocking
> false positives.  Is there a product out there that works well at blocking
> inbound/outbound viruses on e-mail?  I'm trying to find something that works
> on both straight SMTP (unix and listservs) and ESMTP (Exchange).  So what do
> the experts (you) recommend?

NOT Norton AntiVirus gateway. I can't speak for anything except the
version I use but if the company handles any other version the same way
I'd stay away. Both SirCam and Klez come right through. I already had to
upgrade once for SirCam, I'm not doing it again. I need to find a new
product as well.


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
