Webmoth asks:
"As a networking consultant providing services to small businesses, I find myself installing an increasing number of Linux/Samba servers. Many of these clients are now getting always-on Internet connections with static IP addresses so that they can have an in-house mail server on that Linux box. I am concerned about the increased possibility of viruses infecting their network because of this. I'm not worried about the Linux box contracting a virus (that typically requires user intervention), but would like some solution, a software package running on Linux, that monitors for Windows viruses as files are accessed on the Samba server. It would be nice if there was a module that interacted with Sendmail to block e-mail viruses, too." Remember, many solutions that work for Linux will work for other Unixen as well. Unix machines typically act as mail servers for most enterprises so it would help prevent e-mail virus outbreaks if scanning can be done at the server level as well as the client level.
"Ideally, this Linux antivirus product would act as a server to provide virus definitions and scan control to Windows clients (much like Symantec's Norton Antivirus Enterprise Solution, formerly Intel's LanDesk, which is a great product but Windows-exclusive), as you can't trust users to maintain their virus software. Symantec had a press release back in April which seemed to indicate Linux support, but a knowledge base article posted the following day reveals that support is provided by scanning a shared Linux filesystem that can be mounted by a Windows box running Norton Antivirus. I'd like to see real Linux support. Anybody know of a practical solution?"
Qmail + Qmail scanner (Score:1)
While qmail itself offers of course many advantages compared to sendmail (security, speed, modularity), the one that most impresses me in my day-to-day work is the modularity.
Qmail's modularity allows, in the case of qmail scanner, intercepting the mail before it enters the system queue and running one or several of the antivirus scanners available for Linux on it.
Qmail scanner, in conjunction with the tnef package, is even able to scan inside those stupid TNEF attachments MS products like to use.
I usually run it with AVP as a virus scanner (price/performance), but as I already said, it runs with any of the virus scanners available for Linux.
Although I haven't really played with it a lot yet, AVP also comes with a daemon which will accept files through sockets; this should make it relatively easy to write some little app to provide remote scanning capabilities.
I don't like AMaViS (Score:1)
Inflex is much cleaner, but still has the same basic (IMO broken) design, and both lack a lot of features I want. For these reasons I started work on my own solution, the Anomy sanitizer. Follow the link in my signature to check it out, it's pretty reliable these days.
--
AMaViS (Score:1)
Re:Communigate Pro from Stalker Software (Score:1)
AV Email Gateway (Score:1)
Communigate Pro from Stalker Software (Score:1)
Re:Communigate Pro from Stalker Software (Score:1)
Plugin Release:
The McAfee VirusScanner plugins for CommuniGate Pro are released.
The plugins require the CommuniGate Pro version 3.4b2 or better.
FreeBSD - Intel
<http://www.stalker.com/pub/plugins/CGPMcAfee-F
<ftp://ftp.stalker.com/pub/plugins/CGPMcAfee-Fr
Linux - Intel
<http://www.stalker.com/pub/plugins/CGPMcAfee-L
<ftp://ftp.stalker.com/pub/plugins/CGPMcAfee-Li
Win32 - Intel
<http://www.stalker.com/pub/plugins/CGPMcAfee-W
<ftp://ftp.stalker.com/pub/plugins/CGPMcAfee-Wi
Solaris - Sparc
<http://www.stalker.com/pub/plugins/CGPMcAfee-S
<ftp://ftp.stalker.com/pub/plugins/CGPMcAfee-So
AIX - PowerPC
<http://www.stalker.com/pub/plugins/CGPMcAfee-A
<ftp://ftp.stalker.com/pub/plugins/CGPMcAfee-AI
Yahoo Mail does it with Norton Antivirus (Score:1)
AVP for Linux just out (Score:1)
hope that helps,
Dave
Re:Possible other option. (Score:1)
We've got this running on the network at my campus, and it works reasonably well (now that we've added normal.dot to the list of files to be restored on logout). Every time a user logs out of an NT machine, PC-Rdist does a quick scan and replaces anything that needs replacing. This tends to keep things reasonably clean; although at first, before we protected normal.dot, the lab PCs were just a haven for Word macro virii.
Also, I definitely agree about having homogenous hardware -- we don't, and it's a huge pain. We've got, I think, 4 different kinds of PC in the labs, each with its own image that it restores from, and it's just an enormous hassle.
In all, though, this is a reasonable (and pretty cheap) way to protect PCs from virii.
Kaspersky Anti-Virus (Score:1)
I discovered this from a page which covers exactly what you are looking for. The page is here. [decros.cz]
Re:AMaViS (Score:1)
Policy based filtering of incoming email (Score:2)
Anomy allows you to define on a mail gateway (sendmail, qmail or something else - Anomy is mailer-independent) what to do to different sorts of attachments. Options include "drop", "save", "scan" (with a third party virus scanner), "mangle" (rename to avoid Windows extension risks) and "accept".
Anomy is more powerful than Amavis or Inflex, in that it allows you to selectively scan/drop/... only certain types of files for viruses (thus saving CPU cycles when people are just swapping .gifs). So you can tailor it pretty carefully to match the needs of your customer. And Anomy should also be faster, since it doesn't need as many forks or use up temporary disk space for each message. Anomy is also aware of non-MIME attachments, so all those uuencoded outlook-style attachments will get scanned. The same goes for nested MIME parts. Some of the other solutions get these things wrong, which means that things are likely to slip through.
Another feature Anomy has which the others lack, is a method for cleaning up risky HTML - disabling things like styles, javascript, ActiveX - all of which have had email security related problems.
I wrote Anomy because I wasn't happy with any of the other available free solutions, and I've reached all of my technical goals - so I think it's fair to say that mine is better. It's also been pretty stable for the last few months. Now I just need to write a decent manual... :-)
--
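The per-attachment policy described in the comment above, sketched as an added example (not Anomy's code and not part of the original post). The policy table, function names and sample message are assumptions made for illustration; it covers nested MIME parts only, not uuencoded attachments, and it records "scan" decisions without calling a scanner.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical policy table using the action names from the comment above.
POLICY = {".vbs": "drop", ".scr": "mangle", ".doc": "scan", ".gif": "accept"}
DEFAULT_ACTION = "scan"  # unknown types are handed to the third-party scanner

def action_for(filename):
    """Decide on the LAST extension, so 'invoice.txt.vbs' is treated as .vbs."""
    name = filename.lower().rstrip(". ")
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    return POLICY.get(ext, DEFAULT_ACTION)

def filter_part(part, decisions):
    """Apply the policy recursively; return False if this part must be removed."""
    if part.is_multipart():  # also true for message/rfc822 wrappers
        part.set_payload([p for p in part.get_payload() if filter_part(p, decisions)])
        return True
    filename = part.get_filename()
    if filename is None:
        return True  # body text, not an attachment
    action = action_for(filename)
    decisions.append((filename, action))
    if action == "mangle":  # rename so the Windows extension no longer applies
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", "attachment",
                        filename=filename.replace(".", "_") + ".txt")
    return action != "drop"

def apply_policy(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    decisions = []
    filter_part(msg, decisions)
    return msg, decisions

def build_sample():
    """Constructed test message: a forwarded mail carries a .vbs one level down."""
    inner = EmailMessage()
    inner.set_content("see attached")
    inner.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="invoice.txt.vbs")
    outer = EmailMessage()
    outer["Subject"] = "constructed sample"
    outer.set_content("hello")
    outer.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="cat.gif")
    outer.add_attachment(inner)
    outer.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="setup.scr")
    return outer.as_bytes()
```

A filter that only inspects top-level parts would pass the forwarded message untouched, which is the "slip through" case the comment mentions.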
Re:NAI (Score:2)
BTW, I've found it works an absolute dream using qmail and qmailscan (both packages available from qmail's home page) and has stopped a lot of viruses being sent via email. Qmailscan also stops attachments with certain extensions; in my case, I set it up to block .VBS and was very glad when it stopped an ILOVEYOU variant :)
--
Sophos, Trend (Score:2)
As for the automatically-distributed client, you should evaluate (for free) Trend Micro [trendmicro.com]'s OfficeScan Corporate Edition to see if it plays nice with Samba. It runs no code on the server. The software and updates get delivered via client pull, initiated by Windows login scripts, and the admin interface can be run from any Windows machine with proper share access to the distributing host.
Possible other option. (Score:2)
I've mainly seen this done via some netbooting variant of NT, but it could be done using Linux as well. Either on startup or at regular intervals, system and other non-data files on Windows machines are compared regularly to protected reference copies of the files. Files that don't match are overwritten. Files that are missing are replaced. Files that shouldn't be there are wiped.
The down side: Your Windows environment has to be homogeneous (including hardware). Otherwise, your administrative hassles skyrocket, because you have to maintain a separate reference copy for every variant of the installation.
The plus side: This is the only sure-fire way that I know of to protect a Windows system from corruption, be it induced by a virus or by time. From what I've seen, it works quite well.
The Problem: You're going to have a lot of fun gaining read/write access to all of the required drives remotely and securely. Read access might be manageable without opening too many holes.
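The compare-and-restore pass described in the comment above, as an added example (not PC-Rdist and not code from the thread). Function names and the sample trees are constructed for illustration, and it assumes the live tree holds only system files, since anything absent from the reference copy is wiped.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def tree(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def plan_restore(reference, live):
    """Classify live files against the protected reference copy."""
    ref, cur = tree(reference), tree(live)
    return {
        "overwrite": sorted(f for f in ref if f in cur and ref[f] != cur[f]),
        "replace": sorted(f for f in ref if f not in cur),
        "wipe": sorted(f for f in cur if f not in ref),
    }

def restore(reference, live):
    """Carry out the plan so that live matches reference; return the plan."""
    plan = plan_restore(reference, live)
    for rel in plan["overwrite"] + plan["replace"]:
        target = live / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(reference / rel, target)
    for rel in plan["wipe"]:
        (live / rel).unlink()
    return plan

def demo():
    """Constructed trees: normal.dot altered, win.ini deleted, dropper.vbs added."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "live")
        for root in (ref, live):
            (root / "templates").mkdir(parents=True)
            (root / "templates" / "normal.dot").write_bytes(b"clean template")
            (root / "win.ini").write_bytes(b"[windows]")
        (live / "templates" / "normal.dot").write_bytes(b"template + macro")
        (live / "win.ini").unlink()
        (live / "dropper.vbs").write_bytes(b"placeholder")
        first = restore(ref, live)
        return first, plan_restore(ref, live)  # second plan should be empty
```

Comparing by content hash rather than size or timestamp means a modified file is caught even when its metadata is unchanged.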
Sophos.. (Score:2)
Surprised no-one else has posted this yet - Sophos [sophos.com] offers AV software for Windows, Netware, OS/2, Unix (Solaris, Linux, SCO, Digital, AIX, FreeBSD, HP-UX) and OpenVMS servers, and Windows, OS/2, Mac and DOS clients.
Our company uses it on Netware servers/Windows clients, and it's been great - although I haven't used any of the other server versions I'd expect them to be at least as good. SAVAdmin and other management tools work well too (provided you've got an NT machine handy to run it) - updates, client upgrades and the like can all be automated.
UNIX and Linux (Score:2)
I also asked this question a month or so back and got rejected - obviously luck of the draw for which reviewer you get :+)
--
Install the Outlook Security Patch (Score:3)
Will solve 99.9% of your problems. Of course it messes up Outlook's automation features, but that was the problem in the first place. It got rid of all our issues.
BTW, Bynari [bynari.com] has an Exchange-server replacement for Linux that will give your Outlook clients most of those features back at the server level. As such, we're thinking about switching from HP OpenMail to Bynari's TradeServer.
-- Bryan "TheBS" Smith
NAI (Score:3)
http://www.nai.com/asp_set/buy_try/try/products_evals.asp [nai.com]
If you are looking for an email scanner check this out, it is a great email scanner:
http://www.amavis.org/ [amavis.org]