You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Kenneth Porter <sh...@sewingwitch.com> on 2005/11/23 22:06:27 UTC
Anti-virus strategy
--On Wednesday, November 23, 2005 10:07 AM -0500 Bowie Bailey
<Bo...@BUC.com> wrote:
> It's always good to have multiple layers. We have ClamAV on the mail
> server and Symantec Corporate Edition on the desktops. I haven't had
> any problems with Clam. We had a few Sober.U get through before the
> definitions updated, but that's expected with a new virus on any AV
> program (unfortunately).
Agreed. I use ClamAV on the mail server (under MIMEDefang) and Trend Micro
Small Business on my Win2003 and WinXP clients. (No Exchange here.)
> I have Clam installed with all the default options and I run freshclam
> a few times a day to keep it updated. It just works.
If you use the Clam DNS feature to check for new data files, you can set
freshclam to check every 15 minutes (when the DNS record expires). This is
a very light load (a single UDP packet in each direction to the Clam DB
server), esp. if you forward that domain to your ISP so that the ISP caches
it for other users. This lets you update your DB file very rapidly when a
new threat is identified. If you look at the white papers and testimonials
on Clam's site, you can see that they often have an update before
commercial vendors, and have responded as fast as 20 minutes from the first
report. That reduces your exposure window to the maximum of the time it
takes the DNS record to expire plus the response time of the data file
generator.