(OT) Does anyone use FOSS Virus Scan?
Bill McGonigle
bill at bfccomputing.com
Thu Jul 19 19:36:59 EDT 2007
On Jul 19, 2007, at 09:50, Neil Joseph Schelly wrote:
> Scheduling a nightly scan is relatively painless though and I think the
> performance benefit from not having the virus scanner constantly watching
> all disk activity is probably worth it.
In a world without ClamAV on your firewall and ClamAV on your squid
proxy and ClamAV on your mail server, you can probably get away with
this, but I've seen so many disasters averted by on-access scanners
(Sophos SBE mostly where I've had to do installs) that you wouldn't
want to be found with neither belt nor suspenders. All such incidents
were triggered by people browsing compromised websites with IE,
unfiltered, though the guy who just flew in from Dallas and has been
whoring around airport wireless nets is still a vector to worry
about. Ideally, outside Windows machines would be quarantined before
being allowed on your secure network.
MailScanner just implemented proper clamd support, which is supposed
to be snappy, though I haven't tried it yet. ClamAV is now in Fedora
- there was a wrinkle on many of my installs when it went into the
Extras tree with different package names than RPMForge had used, but
that's over with.
Response time from the ClamAV team has been measured to be lower than
commercial vendors in many cases (virustotal I think was the source
on that) - that's not an issue to worry about.
ClamAV can also be used for fun and games. There was a definition
file to find insecure copies of zlib a while back:
http://blog.bfccomputing.com/articles/2005/07/16/discovering-copies-of-zlib
and there's a project to tag phishing and mail scams using ClamAV
signatures.
Did I mention Open is powerful? Oh, you knew that already. :)
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf