At 07:55 AM 4/9/2004, Josh wrote:
>ClamAV gets my vote, in addition, reject ALL email with Windohs executable
>content at the SMTP level, including Zip files. Configuration depends on
>your MTA. There's no reason these should be attached to email messages,
>provide an online file upload/download area if people gripe. This has the
>added benefit of significantly reducing the load on your AV. Clam, as
>with other email content scanners, can take a lot of CPU.

I don't get this reasoning. Yes, executables carry viruses. But how is it a good idea to tell people to use a back door communication mechanism that subverts the virus scanners? How do you ensure that the ftp dropbox doesn't contain infected files?

Second, there are more than just .exe and .zip executables to worry about. Your users (and virus writers) are eventually going to figure this out, so sooner or later you'll have to extend your filter to exclude more file types. For example, WinZip supports .arj and .tar archive formats. These aren't as popular as .zip, so they aren't used as much, but I wouldn't be surprised to see virus payloads being vectored through these file types, because WinZip will automatically recognize them.

Finally, as for the benefit of "significantly reducing the load on your AV," it seems to me that this is a false economy. The point of the scanner is to detect viruses. What's the cost if one gets through the back door channel?

Can you explain more why this is a good idea? I'd really like to understand.

Thanks.

-Jeff

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list