[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Norton AV for Firewalls?
We're using the 1.04 version here and it works quite well. I've tried the 1.5X version and found it to be utterly useless! The version which is on CD does not properly strip out attachments with a specified extension. For example in the config we define .vbs to be stripped out of all email, 1.5x fails to do this. I contacted Norton about it and they gave me access to a new version of 1.5x which I tried. In this version the stripping works but there is a more serious problem. When the attachment is found to have a virus the NAV server tells the firewall that the message is denied. When the firewall sees that, it send the WHOLE message (including the virus) back to the sender. We check both outbound, inbound and inter-office email here. That means that if a virus was initiated here on the network and sent to our mail server it would be stopped and sent back to the sender, not the optimal thing. 1.04 (if you can get your hands on it) works quite well. The only thing it does not protect against is the KAKworm, but the desktop version of Norton does detect it when Outlook saves the file to the TEMP directory. The only problem I have with Norton (all versions) is that the Administrative notifications tell me nothing. I wrote a program which receives the email generated by the admin notifications, connects to the NAV server, and sends me the headers of the infected email. That's worked quite well in telling me who the sender and recipient are. I'd be happy to make either source, binary or both available to you upon request. Daniel Katz-Braunschweig Network Specialist - Iona College MCSE, CNA, A+ -----Original Message----- From: Joe Voisin (FW1) [mailto:[email protected]] Sent: Thursday, November 09, 2000 11:46 AM To: FW1 List (E-mail) Subject: [FW1] Norton AV for Firewalls? Okay, What is the general thought here on Norton AV for Firewall? I have a license for it (we use Norton for desktops, so we have a Corporate license for it) BUT after what I have been hearing about it, I don't know if I want to install it and run it with FW-1. I will have to justify spending another 7150.00 dollars on InterScan VirusWall 250User Pack. (Candian Dollars. ;) What is everyone using for SMTP scanning on their network? I already have Norton AV running on the Exchange Server, but I really want to do some additional SMTP filtering before it even gets to the exhcange server. I'm currently doing this through a linux box and a procmail script I wrote to rip appart mime attachments to see what they are... saved our butt more than once already.. but seeing as I already have AV on the Exhcange Server, should I just be looking at something like MimeSweeper? Joe ====================================================================== Joseph Voisin, Systems Administrator, Engel Canada Inc. www.engelmachinery.com | * [email protected] |PGP Fingerprint: A20B 135D 0920 074F C7FE D72D 88A7 2521 5138 DFC2 ====================================================================== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|