View previous topic :: View next topic |
Author |
Message |
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 4:48 pm Post subject: Virus? |
|
|
Hi,
This kinda annoys me...Its quite often that I recieve a mail from some business partner that contains a virus....Since Im a *nix user I dont care about them. But unfortunately I sometimes forward the mail to other business partners...mail+virus that is....
Result: Im sending out virus from my Gentoo box.
Solution: ?
AV software for Linux is not half as good as for Win. I have tried allmost all, and they just dont work...What do u use?
The question could also apply to a Linux mail-server...Of course there should be AV on a mailserver. But there is none that is even half as good as for Win....Erhm? _________________ regards,
Supermule |
|
Back to top |
|
|
Liathus Apprentice
Joined: 21 Mar 2003 Posts: 163 Location: Fargo, ND
|
Posted: Fri Aug 22, 2003 5:04 pm Post subject: |
|
|
I think you are just plain wrong about the mailserver portion of your comment. I run a medium sized linux mail server on sendmail. The server does virus scanning, file extention blocking, and spam blocking. And it wasnt that hard at all to setup as it is all managed from one interface.
I suggest you check out MIMEDefang from at www.roaringpenguin.com/mimedefang
If your server is running that you will have no problems :)
As for a client solution... don't really know as I use the above mentioned methods to sanatize my mail. |
|
Back to top |
|
|
Cossins Veteran
Joined: 21 Mar 2003 Posts: 1136 Location: Copenhagen, Denmark
|
Posted: Fri Aug 22, 2003 5:07 pm Post subject: |
|
|
How can you unintentionally forward an attachment? Unless of course it's one of those VBScript things...
But you're right, there is almost no AV software for Linux, as vira isn't a problem.
- Simon |
|
Back to top |
|
|
Chickpea l33t
Joined: 03 Jun 2002 Posts: 846 Location: Vancouver WA
|
Posted: Fri Aug 22, 2003 5:13 pm Post subject: |
|
|
funny that you mention AV software because I simply have not worried about getting viruses on my Linux box. I also dont open or forward attachments.
I think it was mentioned before on the forums that you would have to almost intentially send a virus thru email. But what is this thing about VBscripts? |
|
Back to top |
|
|
Lycander Guru
Joined: 10 Apr 2003 Posts: 468
|
Posted: Fri Aug 22, 2003 5:19 pm Post subject: |
|
|
How about switching to a web-based email interface? Would that help prevent at least you from spreading (unintentionally) viri to other people? _________________ * Blessing /dev/hda2 with holy penguin pee |
|
Back to top |
|
|
Cossins Veteran
Joined: 21 Mar 2003 Posts: 1136 Location: Copenhagen, Denmark
|
Posted: Fri Aug 22, 2003 5:22 pm Post subject: |
|
|
Chickpea wrote: | But what is this thing about VBscripts? |
I'm not sure, but I think it is possible to spread a virus through e-mail by implementing a VBscript which will be executed by Outlook Express, and then (for example) send itself to everyone in the contact list. Of course this has no effect on Linux machines, but if you send the e-mail containing the virus to someone with Outlook (Express) it will be furtherly spread...
- Simon |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 5:47 pm Post subject: |
|
|
Cossins wrote: | How can you unintentionally forward an attachment? Unless of course it's one of those VBScript things...
But you're right, there is almost no AV software for Linux, as vira isn't a problem.
- Simon |
Wrong...Vira is a problem. Even if Linux makes your world better you cannot neglect all those Windows boxes.
And to answer your question: I dont "unintentionally" forward an attachment...you know, even if the attachment isnt "iloveyou.vbs", it could still be infected. Its the nature of the beast. I cant see if a given attachment is infected. _________________ regards,
Supermule |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 5:50 pm Post subject: |
|
|
Liathus wrote: | I think you are just plain wrong about the mailserver portion of your comment. I run a medium sized linux mail server on sendmail. The server does virus scanning, file extention blocking, and spam blocking. And it wasnt that hard at all to setup as it is all managed from one interface.
|
I dont think so Im afraid. Even VirusBulletin and the manufactures themself admit that their AV software for Linux/unix isnt as good as for Win....
Sad but true...Lets me ask you this: In your environment: How long did it take your AV vendor to react to Sobig and Blaster? And what vendor is it? _________________ regards,
Supermule |
|
Back to top |
|
|
Cossins Veteran
Joined: 21 Mar 2003 Posts: 1136 Location: Copenhagen, Denmark
|
Posted: Fri Aug 22, 2003 5:50 pm Post subject: |
|
|
Since when have viruses become a problem on Linux?
And no, it can't be a virus unless it has some suspicious ending, like .bat, .pif, .vbs, .exe or even .js.
- Simon |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 5:53 pm Post subject: |
|
|
Lycander wrote: | How about switching to a web-based email interface? Would that help prevent at least you from spreading (unintentionally) viri to other people? |
No...The virus could be a part of an attachment.
And the problem is even bigger: Suppose I want to install the company mailserver on Linux. Well, I need/want/desire/must_have a centralized AV solution. Which? U see the problem? _________________ regards,
Supermule |
|
Back to top |
|
|
Liathus Apprentice
Joined: 21 Mar 2003 Posts: 163 Location: Fargo, ND
|
Posted: Fri Aug 22, 2003 5:54 pm Post subject: |
|
|
Quote: |
I dont think so Im afraid. Even VirusBulletin and the manufactures themself admit that their AV software for Linux/unix isnt as good as for Win....
Sad but true...Lets me ask you this: In your environment: How long did it take your AV vendor to react to Sobig and Blaster? And what vendor is it? |
My virus scanning is done by mcaffee's command line scanner for linux. It uses the same dat files that windows versions use. So I had the fix just as fast as their windows clients.
Just because you don't know about good solutions doesnt mean they don't exist. |
|
Back to top |
|
|
Liathus Apprentice
Joined: 21 Mar 2003 Posts: 163 Location: Fargo, ND
|
Posted: Fri Aug 22, 2003 5:56 pm Post subject: |
|
|
I forgot to mention that even if I didnt have the definitions that found Sobig it wouldnt matter. Like any good email administrator I block potentially harmfull file extensions... like .pif .scr .com .exe and so on... |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 6:18 pm Post subject: |
|
|
Liathus wrote: |
Just because you don't know about good solutions doesnt mean they don't exist. |
True...That is why I asked. (?)
Running thru the test-results of Unix/Linux AV - and compare them with Windows applications does however show up some lacks in the *nix scans. (VBulletin and Av-test.org)
Perhaps Nai is one of the better....I dont know - But I'll try to test it. Have u had any experience with Nai on the server? (mail) _________________ regards,
Supermule |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 6:21 pm Post subject: |
|
|
Liathus wrote: | I forgot to mention that even if I didnt have the definitions that found Sobig it wouldnt matter. Like any good email administrator I block potentially harmfull file extensions... like .pif .scr .com .exe and so on... |
It would matter..50% of all sobig viruses I have seen is detected as part of a compressed file. You have to block all attachments to say "it doesnt matter". _________________ regards,
Supermule |
|
Back to top |
|
|
Liathus Apprentice
Joined: 21 Mar 2003 Posts: 163 Location: Fargo, ND
|
Posted: Fri Aug 22, 2003 6:22 pm Post subject: |
|
|
Yes. Thats where i run Nai. Its used as part of the mimedefang program that i mentioned before.
Of course if you dont use sendmail, you could use amavis, which will work on postfix and the such. |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 6:30 pm Post subject: |
|
|
Liathus wrote: | Yes. Thats where i run Nai. Its used as part of the mimedefang program that i mentioned before.
Of course if you dont use sendmail, you could use amavis, which will work on postfix and the such. |
Yes...found the link to amavis on the mimedefang website. Seems quite nice. _________________ regards,
Supermule |
|
Back to top |
|
|
Liathus Apprentice
Joined: 21 Mar 2003 Posts: 163 Location: Fargo, ND
|
Posted: Fri Aug 22, 2003 6:31 pm Post subject: |
|
|
Ive never used amavis, since i can use mimedefang. But i have some friends that administer postfix mail servers that swear by it. |
|
Back to top |
|
|
Supermule Guru
Joined: 05 Mar 2003 Posts: 510 Location: /denmark/fyn
|
Posted: Fri Aug 22, 2003 6:37 pm Post subject: |
|
|
Liathus wrote: | Ive never used amavis, since i can use mimedefang. But i have some friends that administer postfix mail servers that swear by it. |
mmm...Im a postfix guy myself, so this is good reading. _________________ regards,
Supermule |
|
Back to top |
|
|
|