[Snort-users] Anti Virus on Linux?

Bob McClure Jr robertmcclure at ...741...
Mon Jan 27 13:21:06 EST 2003


On Mon, Jan 27, 2003 at 03:57:02PM -0500, Paul Greene wrote:
> I would also disagree that there's no point in scanning outgoing mail. 
> Aren't there laptop users that bring their laptops in from the outside, 
> and have had opportunities to bring in viruses that haven't gone through 
> the corporate firewalls and e-mail servers?
> 
> pg
> 
> Sean T. Ballard wrote:

It's also true that some of the customers use outside email accounts
like hotmail and such, which is another hole.  Now let me be more
specific.

It was fairly simple for me to wire it into the incoming side, but for
the outgoing side, it would have required rebuilding sendmail so I
could wire in the Milter interface, and then hook the stuff in there.

But the proof is in the pudding.  Out of a customer base of 850 or so,
we used to get two or three victims a week.  With the incoming filter
in place for the last six months or so, only one customer has gotten
infected.

The cost-to-benefit ratio looks pretty good to me.

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
robertmcclure at ...741...  http://www.cumbytel.com/~bobcatos/
Peace at any price is inflationary.




More information about the Snort-users mailing list