Great Circle Associates Firewalls
(July 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Virus Scanner
From: David Harley <harley @ icrf . icnet . uk>
Date: Sun, 27 Jul 1997 12:18:13 +0100 (BST)
To: "Randy.Witlicki." <randy . witlicki @ valley . net>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: <l03020900b00041c7df09 @ [198 . 115 . 160 . 111]> 
> >This falls into the "Is it a dessert topping or a floor wax"
> >category. Is it a firewall, or a virus checker? Or both?
> >  ...<snip>...
> 
You may get your desert topping and floor wax from the same store, but do
you want them out of the same box? ;-) 

>   The system is an NT system which will be your frontend mailhost to
> the Internet.  It will accept incoming mail, detect and decode
> email attachments, run them through a PC virus checker, and if they
> pass, send the mail on to the actual mail system.
 
Store and forward as done by MIMEsweeper, MailGuard etc., may be 
acceptable, since the latency is normally transparent to the user (unless
he's accustomed to sending himself mail to see how long it takes to 
arrive).....

>   This approach seems to strike a reasonable balance between technology
> and policy (protecting internal systems which are accidently or purposely
> mis-configured (may users turn off the virus scanners for perceived
> performance or robustness reasons in violation of policy).  Running the
> virus scanner on a seperate box (if needed) can address the performance
> concerns.

But not eliminate them. There's still an overhead, and for protocols such
as FTP, it isn't transparent, though it performance may well be improved.
And as always, imposing protection at this level is no substitute for
comprehensive desktop protection. If users are turning this off, you still
have to either kick their butts or address their requirements with a
better comprehensive solution.
  
>   Disclaimer:  I have not used or tested the Dr. Solomon product, the
> approach just seems to be a clean one to me, albeit with one more
> system to be added to the security checklist.
> 
It's a useful possible supplement, and Dr. Solomon's is one of the better
scanning engines. As long as no-one mistakes it for a panacea......

-- 
David Harley                  |              alt.comp.virus FAQ
D .
 Harley @
 icrf .
 icnet .
 uk        |           & Anti-Virus Web Page
Support & Security Analyst    |    Folk London On-Line gig-list
Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/
References:
Indexed By Date Previous: Re: Virus Scanner
From: David Harley <harley @ icrf . icnet . uk>
Next: Re: HI
From: "David Harvey-George" <david @ threewiz . demon . co . uk>
Indexed By Thread Previous: Re: Virus Scanner
From: "Randy.Witlicki."<randy . witlicki @ valley . net>
Next: Re: Virus Scanner
From: "Jay K. Bahel" <jbahel @ mcs . net>
Google
 
Search Internet Search www.greatcircle.com