[EMAIL PROTECTED] wrote on 11/16/2007 02:52:34 PM:
> [EMAIL PROTECTED] wrote:
> > Hello all.
> >
> > We've had some consultant make the spurious claim that Clam AV
> > only scans for 'windows viruses' and is really only useful for
> > 'scanning email'.
> > Despite the fact that I know this to be patently false, is there
> > documentation out there I can slap him with that clearly indicates
> > that the virus defs are for any platform, Linux, Windows, Unix,
> > Mac OS X, etc.?
> > I can prove that it scans the file system just by sprinkling a few
> > test viri things out in the file system. Hard to argue with that
> > sort of evidence.
> >
> > The rest of it, well, now it's personal.
> >
> As much as I like ClamAV and rely on it for scanning mail before it gets
> to our Exchange server, I wouldn't use it as my primary Windows
> solution. There are too many hooks necessary to get real-time scanning,
> internal Exchange scanning, and so on. The proper thing, in my opinion,
> is to build a multi-layer defense, using ClamAV on the MX servers
> checking incoming mail, and then using a different product on the
> Windows machines. This way, you get two different teams working on
> malware definitions, two different ways of looking at things, and two
> different timing cycles to make it more likely one of them will catch
> whatever's coming in.
>
> In our case, we use ClamAV on the MX servers and run Symantec Corporate
> on the Windows servers, Windows desktops, and the Exchange server.
>
> I certainly understand the personal bit. Isn't it amazing how they'll
> pay attention to an outsider and discount everything you say?

I wouldn't even be in this situation, except that Symantec AV for Linux
is a little too fussy about kernel levels and the like to pass muster.
We're building a fairly massive Vignette/Oracle/Apache et al. environment
and the Symantec product is kernel-level rigid. It's like we will support
2.4.16-252. Not 251. Not 253 JUST 251.

So we apply maintenance that involves the kernel, which we did for some
Oracle/Vignette level-set requirements, and SAV stopped doing on-access
scanning and all the other stuff we wanted it for. Just because the
kernel level nudged up slightly.

So I dusted off my Clam AV setup that I built for Linux on z/Series,
created a front end, and through some NFS magic and automount, I scan
all the Linux server file systems from a single point, and let ONE
server do all the heavy lifting.

Is it perfect? No. Is it working? Yes.