[K12OSN] *AntiVirus Solution*
Martin Woolley
sysadmin at handsworth.bham.sch.uk
Mon Dec 5 10:31:23 UTC 2005
On Saturday 03 Dec 2005 03:51, Paul VanGundy wrote:
> currently using Sophos Anti-Virus since it runs on Macs, Windows and
> Linux. However, Sophos doesn't handle infected files very well. Instead
> of quarantining the files it leaves them where they are and just informs
> the administrator that the computer/user has an infected file. Not an
> acceptable solution for our environment.
The Windows version of Sophos can leave infected files where they are,
quarantine them or delete them. Each of the modes (Immediate, Scheduled, IC
Server and IC Client) has its own set of options, so you could, for
instance, set Scheduled to quarantine and Immediate to delete. In the Sophos
program, highlight the appropriate tab, click options > configuration and
look at the Action tab.
What is not well known about Sophos is that there are several bits of spyware,
and possibly viruses, that are trapped by other virus checkers but Sophos
Inc has declared them to be applications and so it allows them through. A
specific example is msbb which is "provided" by 180solutions.com. Sophos
trapped this until about 03/2004 but then they allowed it through.
Unfortunately we are forced to use Sophos on our M$ boxes by the LEA.
Oh yes, Sophos does not (by default) disinfect the hidden files used by the
Windows restore feature. In fact, it is a pain to get it to disinfect these
hidden files. The effect of this is, your PC gets infected, you use Sophos
to remove the virus and all appears well. You then decide that you need to
restore your system to a previous point in time, and voila! the virus gets
restored too! We know from bitter experience.
> So again, have/do any of you use ClamAV/KlamAV as your sole antivirus
> solution and how is it working for you and do you recommend it for
> heterogeneous networks? Any comments or suggestions from anyone on this
> is welcome and appreciated. Thanks in advance!
We have our own web content filter which includes Clam/AV - This is a Linux
box, and it sits between us and the outside world. This is Bloxx supplied by
www.packetdynamics.com and since we've installed it, there has been a
dramatic decrease in the number of M$ viruses that are getting onto our
network. In fact, I have only identified one since Bloxx went in and I
suspect that it was already lurking. So, strike one up for Clam/AV.
This week we have a work experience chap in and I am going to get him to
install A/V software on each of our servers, something that we currently
don't have. I'll let you know which one we use; I'm thinking of something
other than Clam A/V just for a bit of variety.
--
Regards
Martin Woolley
ICT Support
Handsworth Grammar School
Isis Astarte Diana Hecate Demeter Kali Inanna