Mailinglist Archive: opensuse-security (224 mails)

< Previous Next >
Re: [suse-security] f-prot virusscanner for email ?
  • From: Patrick Ahlbrecht <p.ahlbrecht@xxxxxxxxxxx>
  • Date: Sun, 16 Feb 2003 16:12:57 +0100
  • Message-id: <200302161612.57523.p.ahlbrecht@xxxxxxxxxxx>
Am Sonntag 16 Februar 2003 14:53 schrieben Sie:
> On Sun, Feb 16, 2003 at 02:55:49PM +0100, Patrick Ahlbrecht wrote:
> > Educating users may be something very uncompfortable (for both, you and
> > them), but in the long run could save you a lot of trouble (like user A
> > complaining about how long it takes to download the 30MB+ word document,
> > via ISDN, user B sent to the team mailing list). After all, if you cannot
> > disciple your users into not using a certain broken email app, how do you
> > prevent them from setting up a second account with some freemailer and
> > getting their share of malware through there?
>
> Proxy's and Firewalls ;) But ok, you cannot stop users from doing
> the wrong things with just technical options. Its right that you
> SHOULD teach your users how to use the net.

That is the point, firewalls proxies and the like level the problem a bit, but
you still have to figure out, which stupid things your users are up to at the
moment and trying to work around that usually costs time, not to mention
risking system instability/obscurity.

> But its also a FACT
> that many ppl disable virusscanners because of they slow down
> the maschines.

So we put them on the servers and urge management to spill out same extra
bucks for some HW upgrade, right ;-)?

> Surely you're able to setup rules which will prevent
> doing this, but you increases the work for you/the admin. Putting

Actually I think, that this is the way of doing this. A few, sane corporate
rules with do's and dont's would imho remove much workload of the admin, as
s/he won't have to work around problems born out of stupidity (or better
said: uneducatedness).

> scanners on central communication points is imho a good idea:
> you've just a few scanners you REALLY need to keep with actual
> virus files, noone, besides you ;), can easily disable the scanner.

AFAIK AV software is nowadays cabable of autoupdates.

> And another maybe not so unimportant point is the TOC:
> have you ever bought licenses for 100+ Clients? ;)

This is an interesting point by the way, and one that should instantly ban M$
Outlook from each and every client. The AV Software is only needed, because
ppl are using a broken by design system, undoing with this (does one really
have to use outlook, if the only requirement is to sent/receive mail?).
Thinking a bit more about it, two questions remain nevertheless:
a) If no one uses outlook, would I need an AV soft license for my server?
b) Is email really the only way to catch malware? Thinking about Dialer spams
(the ones, only containing links to the real d/l) or diskettes...
... Personally I strongly believe, that each and everyone using a M$ system
should also have some AV soft installed for his/her own safety.


> I fully agree with you on the part that users should be teached
> and told whats good and whats bad, because they cannot take the
> virus scanner from work to home, but their brain ;)

Bingo. Right now, I really consider, if it would be usefull to initialize
every newly created emailaccount in my mailsystem with a short tutorial of
do's and don'ts.

> I disagree with your point of view that content scanners are a
> bad idea, but i see no point for flaming you :)

Oh, I don't think they are a bad idea ;-). I just think they should be
installed where the problem is.

> PS: exchanging malware is good, but its like steal the lolli
> of a little child .. cause its soooo easy and colorful .. *d0h* ;)

To be honest, sometimes I wouldn't mind, if more malware was distributed.
Pain can have a tremendous learning effect ;->

--
Patrick Ahlbrecht - billiton internetservices
Systemadministration
direct phone: 0271/3038619


< Previous Next >