[K12OSN] *AntiVirus Solution*

Robert Mortimer rmortimer at bluechiptechnology.co.uk
Tue Dec 13 09:36:18 UTC 2005


-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com]On Behalf
Of Andrew Fisk
Sent: 12 December 2005 15:47
To: Support list for opensource software in schools.
Subject: Re: [K12OSN] *AntiVirus Solution*


>I have clam and clamwin deployed extensively and it works very well -- as I
>mentioned last time around I have not bothered with AV for OS X (Sophos quit
>working when I upgraded to 10.4, frankly it wasn't worth the performance hit
>to combat a non-existent problem).

IMHO the on access is vital if people are going to bring media into the
building. Without "on access" a bad floppy's damage to the system is only
limited by permissions; if there are any shared areas that is not good
enough. I had a virus on a machine without "on access" and inside of an hour
I had to restore large sets of files on the server. Clam is great for
cleaning incoming web and mail but without shutting down "pen drives",
"CDs", "Floppies" etc. you need on access for the Windows machines. I use a
Clam/Sophos setup: Clam for the incoming data streams, Sophos for the on
access (+MS anti-spyware beta for other threats).

>I think you could deploy clam and be confident that your network will be
>secure -- even with a bunch of windows machines, clam will kill any virus(s)
>on the server before they can do any damage.

Run "on access" on the clients
Reject viral email (sendmail mime-defang Sophos) or (sendmail milter clam)
Run scheduled Sophos scan/quarantine on the server

Optional
Run local scans on clients but again IMHO users should not be able to save
to the local machine

>Sophos really does have an option to move (or delete) infected files, more
>of an issue on the mac is its desire to mount and scan any volume that has
>ever been mounted on that machine -- if you get 30+ desktops all trying to
>scan a network volume you can imagine what that does for both network and
>server performance!




Thanks


Andy
Spitfire Computer Services
441 Beaver Street
Suite 202
Sewickley, PA 15143
Phone (412) 749-0162
Fax: (412) 749-0203
andy at spitcomp.com
www.spitcomp.com


On Dec 12, 2005, at 10:25 AM, Robert Mortimer wrote:


All,


Do any of you use ClamAV or KlamAV as your sole antivirus solution in
your organizations? We have used Symantec, which we left, and are
currently using Sophos Anti-Virus since it runs on Macs, Windows and
Linux. However, Sophos doesn't handle infected files very well. Instead
of quarantining the files it leaves them where they are and just informs
the administrator that the computer/user has an infected file. Not an
acceptable solution for our environment.


The "on access" Sophos notification bans access to files; it does not perform a
scan/cleanup.
Sophos can be set to do a scheduled scan, this does provide clean up
actions.
Sophos can also be used to clean incoming e-mail streams and reject infected
mail.
(we were using it with sendmail/Mime-defang)
On access is useful as it stops propagation between full scans (it is not
provided by Clam under Windows but can be provided using clam SAMBA on your
file server).


Note people who activate an "on access" scan event may not (should not) have
the permissions needed to move viruses about our network; any clean up for
"on access" would have to be done under these permissions. If that includes
sending to quarantine, that implies access to your quarantine store, you
really do not want to go there. That is why you set up correct permissions
and use them for a scheduled scan.






So again, have/do any of you use ClamAV/KlamAV as your sole antivirus
solution and how is it working for you and do you recommend it for
heterogeneous networks? Any comments or suggestions from anyone on this
is welcome and appreciated. Thanks in advance!


-Paul


--
Paul VanGundy
Information Technology Director
Epping High School
Epping Middle School
P: 603.679.5472
F: 603.679.2966
vangundypw at sau14.k12.nh.us


_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>



