Firewall Wizards mailing list archives

Re: Why Anti-Virus Software Cannot Stop the Spread of Email Worms


From: Mark Drummond <mark.drummond () rmc ca>
Date: Sat, 13 May 2000 17:56:00 -0400

Matt Curtin wrote:

  becoming infected and how they can protect themselves in the
  future. Here we argue that this approach to the problem, though
  popular, is fatally flawed and simply cannot work.

Why not just use SMTP based virus scanning at the perimeter? Works great
for me and seems to already solve this problem very nicely. Automated
downloads of virus definition files and the truly paranoid can string
multiple scanners together for greater protection. My MX is a Sun E250,
dual 300MHz UltraSPARC II's, handling ~150,000 inbound messages per
month, which is not much really, and the machine is largely sleeping
away its existence. Every one of those emails is scanned, including
attachments, using McAfee's uvscan. Infected messages are quarantined
and the originator is sent a warning message.

Educate users? That's funny! Trying to get my users to take 30 seconds
out of their day to read a 4 line CRITICAL VIRUS WARNING message is hard
enough. Trying to actually get them to take the time to LEARN how these
things work is asking the impossible. While education is a great idea,
it is simply too idealistic, at least where I work anyway. We have no
choice but to implement technical solutions to protect our users from
others, and themselves.

med


