From owner-freebsd-questions  Thu Dec  6  7: 9: 4 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19])
	by hub.freebsd.org (Postfix) with ESMTP id D1A9737B41A
	for <freebsd-questions@FreeBSD.ORG>; Thu,  6 Dec 2001 07:08:54 -0800 (PST)
Received: from there (pgh.nepinc.com [192.204.162.27])
	by w2xo.pgh.pa.us (8.11.6/8.11.3) with SMTP id fB6F8Tc04882;
	Thu, 6 Dec 2001 10:08:29 -0500 (EST)
	(envelope-from durham@w2xo.pgh.pa.us)
Message-Id: <200112061508.fB6F8Tc04882@w2xo.pgh.pa.us>
Content-Type: text/plain;
  charset="iso-8859-1"
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: "KD Computers - Adam" <adam@kdcomputers.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: McAfee VirusScan for FreeBSD
Date: Thu, 6 Dec 2001 10:08:32 -0500
X-Mailer: KMail [version 1.3]
References: <GDELKMOLJCHICOIJNDJGGEELCAAA.adam@kdcomputers.com>
In-Reply-To: <GDELKMOLJCHICOIJNDJGGEELCAAA.adam@kdcomputers.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thursday 06 December 2001 12:09 am, KD Computers - Adam wrote:
> Uhhh... Windows clients?  :)
>
> Majority of our clients are using windows based machines, all of
> which use outlook, and most of the users arn't smart enough to
>

I bought Sophos for our network with FreeBSD servers and a mixture of 
win 95, 98, ME, 2000 and XP clients. Very nice and they are really on 
top of things. They know what FreeBSD is and provide binaries for 
a.out and elf FreeBSD. The only negative there is that their binary 
is for the 3.x series and you have to load compat 3.x to make it work.

The only virus I've ever seen them miss was the "Goner". They missed 
this by about 2 hours at thissite. 

However, I am also using the Anomy "Sanitizer" after the virus scan 
and this fixed the "Goner". If you want to virus scan on the cheap, 
Anomy just rewrites any attachments you specify in the config and 
puts the phrase "DEFANGED" in the file extension so it won't open.
This eliminates a majority of the virii out there that play upon the 
vunerabilities in Outlook as you just don't allow .vbs and .exe files 
to pass unmolested. The only problem you'll face with Anomy is that 
the users will complain about not being able to open .exe that people 
send them as "legitimate" attachments.

You should also turn OFF the automatic opening of attachments in 
Outlook (What were they thinking...duh...).

Sophos is www.sophos.com. 
 
Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message