I've contracted to two gov't departments that ran antivirus software on
their SMTP machines.  Both had Lotus cc:mail as the server and McAfee
VirusScan as the scanner.  The two programs worked very well together, and
successfully captured many viruses, but there was a definite trade-off in
performance.  The admin overhead was also quite high as the antivirus
software had to be continually updated (sometimes as often as twice a day).
The other side of the issue is $$.  A *good* solution is going to be VERY
expensive.  Cheaper software may advertise that it will check email but take
that with a grain of salt.  Usually you'll find that they use a scanning
protocol that zeros in on a particular sort of virus (eg. MIME-encoded exe.)
and may completely miss others (eg. Word macros).  As always, before you
even consider a solution test it....then test it again....and again....and
again...

To answer your question, yes, mail server protection is completely different
to workstations.  Scanning incoming mail is very intensive as literally
every single e-mail must be scanned for virus-like code and, if found, the
code itself must be checked to see if it's a virus.  This may only add a few
milliseconds to the delivery of a message but when you multiply that by
thousands of messages each day it adds up to a sginificant amount....not to
mention the added load on the processor.  On a workstation the antivirus
software can sit in the background and only checks files as they are
executed or when the user requires it.  The rest of the time it just sits
there idle.

I hope this makes things a bit clearer for you.  :-)

> Chazzozz!!
>
> Michael Shannon
> [log in to unmask]
>
> This email message (and attachments) may contain information confidential
> to TOWER Software.  If you are not the intended recipient you cannot use,
> distribute or copy the message or message attachments.  If you are not the
> intended recipient, please notify the sender by return email immediately
> and delete all copies of the message and attachments.  Opinions,
> conclusions and other information in this message and attachments that do
> not relate to the official business of TOWER Software, are not given or
> endorsed by it.
>
>
> ----------
> From:         Marc Stober[SMTP:[log in to unmask]]
> Sent:         Thursday, 17 August 2000 1:06
> Subject:      Re: any virus scanning for LISTSERV / LSMTP ?
>
> That answers the performance part of my question, but it still leaves me
> wondering. I'm familiar with NAV as a tool to protect workstations. But,
> workstations don't listen for SMTP connections on port 25, and then pass
> than information along unopened. Would a virus even be recognizable to a
> such software before a message has had it's attachments unpacked by a mail
> reader? I've seen antivirus software advertised specifically for an
> Exchange
> server, but I don't know if this is more of a marketing issue or that mail
> server protection is conceptually different from workstation protection.
>
> = Marc Louis Stober
> = Systems Manager
> = The United Synagogue of Conservative Judaism
> = [log in to unmask]
> = http://www.uscj.org
>