sungate.co.uk

Ramblings about stuff

Viruses, viruses, everywhere …

Well, yesterday was an exciting day. We were seeing loads of these new password-protected zip-file viruses – the virus is inside an attachment, the password for which is included in the body of the email.

Our copy of Sophos Anti-Virus wasn’t detecting these zip files until late in the day – although it was detecting the files within the zip file if you actually opened them. I wanted to stop our users getting the messages at all, because they were bugging the hell out of me about it … “I’ve got this really strange email …”

Got worried about the reliability and up-to-dateness of the usually reliable Sophos and so decided to install Clam Anti-Virus too (which is free and Free) – our AMaViS message-scanner will support multiple virus scanners. So now, any malware needs to be passed as clean by both Sophos and ClamAV to get through to the end-user.

Quite like ClamAV, actually, seems like a nice bit of code and bang up-to-date. There is a copy of Norton Anti-Virus on the desktop PCs too, just as a final line of defence.

3 Responses to Viruses, viruses, everywhere …

  1. Had conversations with Sophos this week about their tardiness in general.

    (my-doom-a update was over 24 hours behind clamav and the netsky-D over 11 hours behind).

    They are (as are most AV-companies) getting stuffed by the golden day principle, which has dropped the minutes now everyone’s got high bandwidth connections – sorry everyone but your work 🙂 The guy I’ve been conversing with disputed the figures to start with, but they weren’t actively monitoring ClamAV updates so he had to do more digging and the difference in naming convention doesn’t help either.

    Hopefully they’ll pull themselves together before I go hunting for renewal and defect to someone else like f-prot or Kaspersky.

    Of course being belt and braces I’ve too got 2 AV on the gateway (using MailScanner rather than AMaVis-New) and a different one on the desktop, just like you. Have you tried bolting SpamAssassin in there as well???

    Also helps that my user population is only about 1/3 Windows (other 2/3’s split Linux and MacOS), which reduces the risk.

    Also standing orders of “if you didn’t expect it and don’t recognise the sender delete it” helps too.

    Another reason to drop Windows on the Desktop – now if only lots of the useful software was ported to *nix/MacOS, we’d have a real choice other than the M$ monoculture, which would again drop the risk of all this.

    Remember the Morris worm (1988) – proliferated due to 3 major O/S’s on the internet and nearly brought the internet to its knees. Same problem today…

  2. Haven’t tried putting SpamAssassin in too, because spam is one thing that our HQ seems to be managing to block.

    Given the amount of virus traffic we’re seeing when there is supposed to be a corporate scanner upstream, they really haven’t got that sorted. And when they *do* detect viruses, they pull the attachments off and then deliver the rest of the message. Completely pointless and causes unnecessary panic and confusion.

    I’ve told them about this, of course. More than once.

    The sooner we ‘jump ship’ the better – that’s less than a year away, now …

  3. less than a year away….

    I presume that’s an earth year not a plutonian one. You do seem to have been expecting the move for quite a while now….
    🙂
