Date: Mon, 9 Sep 2002 16:05:29 +0400
From: "Nickolay A. Kritsky"
To: Lawrence Sica
Cc: freebsd-security@FreeBSD.ORG, freebsd-doc@FreeBSD.ORG
Subject: Re: Fwd: Anti-virus section for FAQ
Message-ID: <318821464.20020909160529@internethelp.ru>

Hello Lawrence,

Friday, September 06, 2002, 10:23:43 PM, you wrote:

LS> Oops, helps if I post the url eh ;)

LS> http://www.thesicafamily.org/larry/articles/avfaq.html

I would like to add the following AV solution to this list:
"Procmail Email Sanitizer" - http://www.impsec.org/email-tools/procmail-security.html

To comment on the FAQ itself: I do not think that just a list of antivirus packages is a good answer for a FAQ. The thing is that the frequentissimus AV-related question sounds like "What is the best AV for freebsd/sendmail/qmail?", not just "What kind of antiviruses do you know?". I think that it would be truly useful if people who have experience with setting up AV on FreeBSD shared their knowledge with us in a manner like this:

;--------------FAQ entry start
Q. What are the pros and contras of "Procmail Email Sanitizer"?

A. Pros for me
1. It is free.
2. It is quite simple to understand and tweak, because it is written in Perl and procmailrc (see man) and all sources are open.
3. It does not rely on signatures provided by a vendor, but uses another filtering algorithm (see webpage for details). Thus it can stop many virii(viries?) before they are known to the public.
4. It has support, which consists of a mailing list (never tried) and John Hardin (the developer), who was kind and answered some of my questions.
5. It works. It has not failed yet. But see contras.

Contras for me
1. I never used it for stopping MSOffice-based virii. Maybe it can do it, maybe not.
2. I had to read and understand `man procmailrc'. But maybe it is from the "pros" part.

Resume: Use it to stop EXE/HTML/JScript/VBScript-based virii and trojans.

If somebody has tested it with MSOffice-based virii, can you tell me what you think about that?
;--------------FAQ entry end

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru