[EMAIL PROTECTED] wrote:
Indeed. If you are serious about your systems, then you must have monitoring systems in place that check that everything is working correctly.Hi,
so if someone overflows your server with a few thousand extra virus mails, until scanners no longer work, you would rather want the virii pass than ask the sender to retry?
Having some kind of alert to the admin would be really great, however
I have cronjobs that run every five minutes that throw the EICAR test virus at the AV daemons we use, and if they don't respond "OK", restarts the daemon. The source code distro for clamav even includes clamdwatch which does this!
On top of that I use swatch to monitor the syslogs, and trigger alerts if such errors occur repeatedly (implying something is corrupt).
This is standard SysAdmin stuff: If an error occurs, fix it. If it happens again, try to figure out if you can script your fix to automatically run when needed.
-- Cheers
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Qmail-scanner-general mailing list Qmail-scanner-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
