From owner-freebsd-security  Tue Mar 13 13:57:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from dell.dannyland.org (dell.dannyland.org [64.81.36.13])
	by hub.freebsd.org (Postfix) with ESMTP id EE38537B71D
	for <freebsd-security@freebsd.org>; Tue, 13 Mar 2001 13:57:33 -0800 (PST)
	(envelope-from dannyman@toldme.com)
Received: by dell.dannyland.org (Postfix, from userid 1001)
	id 10A505BF7; Tue, 13 Mar 2001 13:57:42 -0800 (PST)
Date: Tue, 13 Mar 2001 13:57:41 -0800
From: dannyman <dannyman@toldme.com>
To: James Wyatt <jwyatt@rwsystems.net>
Cc: Will Mitayai Keeso Rowe <mit@mitayai.net>,
	freebsd-security@freebsd.org
Subject: Re: Virus Scanning Software for FreeBSD
Message-ID: <20010313135741.I3500@dell.dannyland.org>
References: <NEBBIEGPMLMKDBMMICFNCEPPELAA.mit@mitayai.net> <Pine.BSF.4.10.10103122000480.72725-100000@bsdie.rwsystems.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.BSF.4.10.10103122000480.72725-100000@bsdie.rwsystems.net>; from jwyatt@rwsystems.net on Mon, Mar 12, 2001 at 09:04:02PM -0600
X-Loop: djhoward@uiuc.edu
X-URL: http://www.dannyland.org/~dannyman/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Mar 12, 2001 at 09:04:02PM -0600, James Wyatt wrote:
> I have an eval copy of a product that looks promising: Sohpos antivirus.
> 
> 	http://www.sophos.com/products/antivirus/savunix.html

I have been using Amavis and Sophos together for a while now.  I must say that
Sophos have been good to us.

[...]
> Updates are monthly CDs and urgent updates are available as downloads.

I have a cron that runs every five minutes to grab the latest identities from
their web site.  We are very secure against even the trendy virii, and it is
kind of fun to respond to a ticket from a well-meaning user warning us of a
new virus that "we have been scanning for this virus since 9:30AM yesterday."
:)

If anyone wants the script, e-mail me.

> Our intent is to have it go after SMTP, HTTP, and FTP if we can and to
> scan the Samba partitions for file infections. It handles uSoft Office
> products like Word(tm) docs and such.

It can open archives and stuff too.  I haven't used Intercheck yet, but that
looks like a very clever idea - your Windows clients contact the unix server
for virus identity updates.

> Best of all, they support FreeBSD so we should support them, right? - Jy@

Amen.  They seem pretty sucessfully multi-platform.  Were they truly clever
they'd submit a port so you could eval their software. :)

-danny

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message