Re: [Exim] virus checking and exim

Top Page
Delete this message
Reply to this message
Author: Chris Bayliss
Date:  
To: P.A.Osborne
CC: exim-users
Subject: Re: [Exim] virus checking and exim
> Afternoon,
>
> I know this seems to get mentioned everytime an "I love you" or
> "melissa" raises their ugly heads.
>
> But I have been asked by the PHBs to investigate what options there
> are when it comes to using virus checking software with exim and whether
> any of them are really any good.
>
> Since we use exim exclusively this seemed a good place to get flamed. :-)
>
> I don't want to start a "oh no you dont want to do that its unethical"
> discussion more a "heres what we do/dont do and its brilliant/a turkey"
> kind of thing.
>
> Feel free to mail me directly if you want to keep this off list.
>
> Thanks for your time.
>
> Paul Osborne
> UKC Computing Service
>


We refuse all recognised executables using the filter and scan
recognised doc and xls files with amavis using Dr Solomon's/McAffee
uvscan, generating errors back to the senders. We chose uvscan
because we had a site license for antivirus toolkit of which this is
the Unix component. This works pretty well. Some files will slip
through, but it gives the campus good protection from an outbreak
spreading by email. If things aren't caught on the way in they tend
to get caught on the way out.

I'd like to scan all attachments but cuyrrent hardware isn't fast enough
to scan without delays and people tend to get annoyed if email gets delayed
by more than a few minutes. This summer we plan to much faster system
enabling an iincrease in scanning.

Be aware that at some point you can't scan and stuff will get through.
For example password protected zips, securely encrypted email, etc so
you will never get 100%. Some people quarantine unscannable things, but this
is labour intensive and an option only if you are awash with staff.

Refusing executables is well worth it. We did an analysis on what was
caught (see page 18 of
www.is.bham.ac.uk/publications/bulletin/october00/iscoct.pdf). For a
University there are a lot of other benefits.

As for the ethics its worth having a published policy and suitable conditions
of use/AUP.

Chris Bayliss
IS ICSD PT GWNN
The University of Birmingham