Re: Economical Anti-Virus Network Solution

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: 05/15/02


From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
Date: Tue, 14 May 2002 22:14:03 GMT


"Gary C. New" <ANTISPAM_garycnew_ANTISPAM@yahoo.com> wrote:

> I'm trying to build up a network wide anti-virus solution for my
> company. We have a mixture of Windows (workstations) and Linux
> (servers) systems and I am wondering what might be the most robust,
> yet economical solution for such a network. Our SMTP, HTTP, and FTP
> hosts are mostly Linux based with the exception of a Windows
> File/Backup server. I was thinking of either a mail gateway, network
> scan, client scan, or a combination scheme.

The client is the last line of defense, so (generally) has to be
the one you put the hard yards into. Far too many people make the
mistake of going the "easy route" of grabbing server (or worse,
just "gateway server") virus scanners and then kicking back,
believing they have nailed the problem -- until the next cunning
security exploit or previously unthought of "sneak around AV"
trick comes out. Although it is not always the case, often these
"tricks" are still detected on the desktop by heuristics and/or
generic detection technologies after the "cunning trick" executes
and unpacks the actual malware code.

The point -- don't overestimate the value of solutions at each of
the locations, no matter how much a vendor may over- or under-sell
each...

--
Nick FitzGerald