LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Eric Thomas <[log in to unmask]>
Wed, 9 Oct 2002 04:42:41 +0200
F-Secure have released FSAV 5.40, which introduces two practical advantages as far as LISTSERV is concerned:

1. The kit includes Backweb. I don't remember off-hand, but I think you just have to check a box during the setup and it will install it automatically.

2. You can now install the free evaluation kit on F-Secure's web site and later upgrade it with the serial number you get from L-Soft when you purchase a license. With 5.30 you had to download the regular, non-evaluation kit afterwards.

There are also performance improvements in the scanning engines. Note that you will need a new serial number for 5.40; you can get it from support.

> I'm still debating whether to
> continue to use F-Secure at all, since all our servers have Sophos installed
> on them anyway,

A standard real-time AV scanner will provide almost no protection, even if you set it to scan all file extensions. To convince yourself, stop LISTSERV temporarily, e-mail a copy of EICAR to the LISTSERV address and ask your AV (any AV, even F-Secure) to scan the resulting xxx.JOB file. The virus is first encoded to base64 text by your e-mail client, and then further encoded and formatted as a LISTSERV job file. There is no reasonable way for the scanner to find the virus in the job file.

Even if this could somehow be made to work, it would be very brutal on LISTSERV and you would probably get unwanted error messages. The other day, I was visiting a customer who happened to mention that they had a major problem with LSMTP. Being a nice guy I offered to take a look at it, and it turned out that they had a real-time virus scanner set to scan all extensions, and it had detected some kind of plain-text virus in a few of LSMTP's spool files, VBS or something similar. The scanner was set to delete all infected files but, for some reason (possibly the load/stress LSMTP placed on the system), it did not actually delete the files. Instead it wrote event log entries saying that file such and such was infected and had been deleted, again without actually deleting it. But it did block the process thread that wanted to open the file. Luckily there were a few fewer infected files than LSMTP had threads, so it was still working, but very slowly. After reconfiguring the virus scanner not to delete the files, LSMTP appeared to work more normally, although it did log a large number of errors. But it did not expect the strange error code it got when trying to open the files and retried now and then, writing more errors, etc.

In contrast, the AV feature in LISTSERV is a voluntary virus scan designed to avoid all these problems.

> in addition to the virus scanners on the mail relays before
> the email even gets to the Listserv machine.

This does provide good protection, but it does not cover everything. If you look at LISTSERV's virus statistics on your server, you will probably find that it is blocking a non-negligible number of viruses, even though you do have the central virus scanners. So far this has been the norm rather than the exception. The central virus scanners block the vast majority of viruses, but a few do get through. Having both the central scanner and LISTSERV's own scanner provides belt-and-suspenders safety.

A lot of effort was put in the AV feature because it is the only reliable way to keep mailing lists virus-free. It would be nice if all you had to do was install a standard $39.95 virus program on your server and forget about it, but unfortunately it just doesn't work. It would also be nice if all AV systems had the same API and we could have made LISTSERV work with every product on the market, and it would be even nicer if AV software were free so we wouldn't have to pay royalties to anyone, but we did the best we could within the parameters we had to work with. The fact that it still catches viruses even when behind a central e-mail scanner that is supposed to stop all viruses shows that all this work was not for nothing.

  Eric
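
The first encoding layer described in the message above (the mail client's base64 step), as an added example that is not part of the original post or of LISTSERV: a byte-level search over the stored message misses a pattern that a MIME-aware scan finds. The signature is a constructed stand-in rather than the real EICAR string, the addresses and file name are placeholders, and the further LISTSERV job-file encoding is not modelled.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for an AV byte signature (assumption; not the EICAR string).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-FOR-DEMO-ONLY!"


def build_message(payload: bytes) -> bytes:
    """Return the wire form of a mail carrying `payload` as an attachment.

    Binary attachments get Content-Transfer-Encoding: base64, which is the
    first of the encoding layers the post describes.
    """
    msg = EmailMessage()
    msg["From"] = "sender@example.org"      # placeholder address
    msg["To"] = "listserv@example.org"      # placeholder address
    msg["Subject"] = "test"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="test.com")
    return msg.as_bytes()


def raw_scan(data: bytes) -> bool:
    """What a file-level scanner does with an opaque file: search its bytes."""
    return SIGNATURE in data


def decoded_scan(data: bytes) -> bool:
    """Parse the MIME structure, undo each part's transfer encoding, then search."""
    msg = email.message_from_bytes(data, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        if SIGNATURE in body:
            return True
    return False


if __name__ == "__main__":
    wire = build_message(b"leading bytes " + SIGNATURE)
    print("raw byte search over stored message:", raw_scan(wire))
    print("search after MIME decoding:        ", decoded_scan(wire))
```
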
