Mike Stoico @ METLIFE
02/27/97 04:35 PM
In addition, you're gonna have to put some sort of virus scanning at the
client anyway if they're doing any sort of encryption. This is the only place
where the message can be decrypted and scanned.
Mike
lists @ reflections . mindspring . com on 02/27/97 11:21:37 AM
To: lance @ pfi . com
cc: firewalls @ GreatCircle . COM (bcc: Mike Stoico/Bsg/MetLife/US)
Subject: Re: virus checking
On Thu, 27 Feb 1997, Lance and Christine wrote:
> i was handed a product announcement yesterday about a symantec tool
> which does virus checking on smtp packets on the firewall. i didn't
> look very closely at it, but it raised a couple of points on which i
> would like some feedback.
(Lesson of successful computer administration #1: Never let marketing
overcome your instincts)
> first, is the firewall the right place to do this kind of checking?
No.
> on a fairly skinny host (in my case, a sparc 2 running firewall 1),
> wouldn't the overhead of virus checking impact the flow of packets?
Yep.
> and finally, is smtp checking enough?
Nope.
> it seems inadequate.
It is.
> thanks for any feedback.
You're welcome.
Filtering SMTP might catch some viri, but the odds are humblingly low.
Wouldn't that money be better spent on hardware for firewall redundancy,
maybe? How about more disks for logging? The C/B is way too low to
justify the product, and the costs are not merely monetary, but also
operational in terms of latency of mail deliveries, sluggish performance,
etc.
I don't think the virus filters come close to being worth the cost.
__
Todd Graham Lewis MindSpring Enterprises
tlewis @ mindspring . com