Date:      Fri, 07 Dec 2001 10:48:19 +1100
From:      Tony Landells <ahl@austclear.com.au>
To:        "KD Computers - Adam" <adam@kdcomputers.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: McAfee VirusScan for FreeBSD 
Message-ID:  <200112062348.KAA23637@tungsten.austclear.com.au>
In-Reply-To: Message from "KD Computers - Adam" <adam@kdcomputers.com>  of "Thu, 06 Dec 2001 12:57:58 MDT." <GDELKMOLJCHICOIJNDJGCEFMCAAA.adam@kdcomputers.com> 


We've been running McAfee for some years and I can't say I'm that
impressed.

Yes, the licensing is per protected user.  Trying to justify dropping
everything in one mailbox, or something, is just cheating.  The whole
thing is an "honour system" anyway--they can't really count how many
users are protected, but if there's a problem and they need to look
at something, they'll find out pretty quickly what's happening.

Support for UNIX seems very much a secondary concern.  When the
Melissa virus came out we had to wait about three months for a fix
that was immediately available for NT (because that's how long it
would be before the current scan engine made it to UNIX, and the
new scan engine was needed to detect Melissa--I don't know exactly
how long the newer NT engine had been out before we were told we
still had three months to wait...).  When we spoke to them about
their automated e-mail gateway, there were several features in the
NT version that weren't in the UNIX version (like their Outbreak
Manager, which "quarantines" under various conditions, such as
receiving a large number of e-mails from a remote host in a short
period of time).

The licensing is also weird.  Under McAfee it wasn't that expensive
for us to just run uvscan (on-demand UNIX scanner) on our file servers.
Once NAI got hold of it, we had to buy their Total Virus Defence Suite
to get uvscan, which was significantly more expensive.  And then when
we started looking at an automated gateway they told us that we didn't
have TVD licenced...

I'm currently in the process of talking to Sophos to find out their
pricing.  From what I've seen, their support of UNIX is MUCH better.
They also send out an updated CD with the latest software every
month, and understand more versions of UNIX (many more).

They don't have an automated gateway thing, but know about Amavis
and suggested that (which also shows they know what's going on in
the real world).  Looking at their site recently it looks like an
automated gateway isn't necessarily that far away though.

They also support logging to syslog (yay!).

Another interesting thing is that we ran a demo version of Sophos
to compare the results with McAfee over a filesystem with about
150,000 files.  McAfee ran marginally faster (1.5 hours vs 1.75
for Sophos).  The real surprise is that McAfee said it didn't scan
41 files (and gave reasons for only 2); while Sophos said it couldn't
scan 516 files, 285 of which were password-protected (most of the
others it said were corrupt).  The few checks I've done seem to
support Sophos on this...

I don't know, but I'm very nervous about something checking for viruses
that doesn't even seem to know what the files are or whether they're
password protected!

And while it's a very minor issue that I'm sure could happen to
anyone, I wasn't impressed when one of the McAfee updates decided
that the string AnnaKournikova.jpg.vbs was a virus, making it
impossible to discuss the virus, or even report this problem
to McAfee via e-mail...

Personally, I've not been impressed with NAI at all and we're only
running McAfee through momentum, but I expect that to change in
the very near future.  YMMV.

Tony
-- 
Tony Landells					<ahl@austclear.com.au>
Senior Network Engineer				Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd		Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia


