[K12OSN] *AntiVirus Solution*

Martin Woolley sysadmin at handsworth.bham.sch.uk
Mon Dec 5 10:31:23 UTC 2005

On Saturday 03 Dec 2005 03:51, Paul VanGundy wrote:

> currently using Sophos Anti-Virus since it runs on Macs, Windows and
> Linux. However, Sophos doesn't handle infected files very well. Instead
> of quarantining the files it leaves them where they are and just informs
> the administrator that the computer/user has an infected file. Not an
> acceptable solution for our environment.

The Windows version of Sophos can leave infected files where they are,
quarantine them or delete them. Each of the modes (Immediate, Scheduled, IC
Server and IC Client) has its own set of options, so you could, for
instance, set Scheduled to quarantine and Immediate to delete. In the Sophos
program, highlight the appropriate tab, click options > configuration and
look at the Action tab.

What is not well known about Sophos is that there are several bits of spyware,
and possibly viruses, that are trapped by other virus checkers but Sophos
Inc has declared them to be applications and so it allows them through.  A
specific example is msbb which is "provided" by 180solutions.com.  Sophos 
trapped this until about 03/2004 but then they allowed it through. 
Unfortunately we are forced to use Sophos on our M$ boxes by the LEA.  

Oh yes, Sophos does not (by default) disinfect the hidden files used by the 
Windows restore feature.  In fact, it is a pain to get it to disinfect these 
hidden files.  The effect of this is, your PC gets infected, you use Sophos 
to remove the virus and all appears well.  You then decide that you need to 
restore your system to a previous point in time, and voila! the virus gets 
restored too!  We know from bitter experience.

> So again, have/do any of you use ClamAV/KlamAV as your sole antivirus
> solution and how is it working for you and do you recommend it for
> heterogeneous networks? Any comments or suggestions from anyone on this
> is welcome and appreciated. Thanks in advance!

We have our own web content filter which includes Clam/AV - This is a Linux 
box, and it sits between us and the outside world.  This is Bloxx supplied by 
www.packetdynamics.com and since we've installed it, there has been a 
dramatic decrease in the number of M$ viruses that are getting onto our
network.  In fact, I have only identified one since Bloxx went in and I 
suspect that it was already lurking.  So, strike one up for Clam/AV.

This week we have a work experience chap in and I am going to get him to 
install A/V software on each of our servers, something that we currently 
don't have.  I'll let you know which one we use; I'm thinking of something 
other than Clam A/V just for a bit of variety. 
Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna
