Re: antivirus software
From:Date: 09/06/02
- Next message: those who know me have no need of my name: "Re: Unix accounts at Universities"
- Previous message: NSU: "Post Intrusion Toolkit"
- In reply to: Liam Cunningham: "Re: antivirus software"
- Next in thread: Bob Hauck: "Re: antivirus software"
- Reply: Bob Hauck: "Re: antivirus software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 6 Sep 2002 14:20:31 +0100
Liam Cunningham <liam@consumercontact.com> wrote in message
news:doNd9.58610$C8.159302@nnrp1.uunet.ca...
> Amavis acts as a gateway between a mail transport and an virus scanner
Most of the major virus scanners scanners are available on Linux, and some
on commercial unixes including Kaspersky, McAfee, Sophos, Trend.
There is also at least one open-source scanner - Clam - which hangs out at
http://clamav.elektrapro.com/
Note that most anti-virus programs operate in the same way - attempting to
match patterns in a file against a database of fingerprints (typically a
highly optimized FSM). Sometimes it's worth thinking about the problem in a
different way - e.g. there is a lot of mileage in blocking executable
attachments in Emails (Amavis, mimedefang, renattach et al.). Another useful
tool for virus control is file based IDS - (e.g. tripwire or L5) which can
spot modifications to files. Although it is possible to spot / identify
macros within Microsoft files, they keep moving the goal posts by redefining
file formats.
...or stop using applications / operating systems which are susceptible, of
course ;).
Colin
- Next message: those who know me have no need of my name: "Re: Unix accounts at Universities"
- Previous message: NSU: "Post Intrusion Toolkit"
- In reply to: Liam Cunningham: "Re: antivirus software"
- Next in thread: Bob Hauck: "Re: antivirus software"
- Reply: Bob Hauck: "Re: antivirus software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
