Feedback About Last Week’s Virus Threat

Feedback regarding the virus threat from last week!

Way back when the AnnaK virus was going around, I decided (as the System Administrator) that receiving Microsoft Executable files was not worth the risk. I now refuse any e-mail with any executable attachment. This includes ZIP files. I originally used Norton AntiVirus for Exchange on an Exchange 5.5 server to do the blocking, but have since added a Linux based spam blocker mail filter machine in front of the Exchange server to filter e-mail for spam. I use Spamassassin and Amavis and have them give any e-mail with a MICROSOFT_EXECUTABLE a score of 50. This is WAY more than my threshold, so they all get blocked out before they even get to the Exchange Server and Norton AntiVirus.

The spamfilter is blocking about 95 percent of the spam. I went from dozens of spam per day down to about 1 every couple of days.This setup allows me to use DNSBL, Razor, Bayesian and a couple of custom filters. All through Spamassassin and Amavis. I even block e-mail based on the country of origin (we don’t get much REAL e-mail from foreign countries). The spam filter was installed on a surplus Pentium II 350Mhz machine I had laying around, and cost nothing other than my time to install and configure the software. It is MORE than adequate for the job. If a user REALLY needs to send a file into the system, they can rename it to a non-executable file, and include instructions for renaming it on the other end. So file.zip won’t get through, but file.zap will.

I haven’t had an e-mail virus get through since!

I use Sophos at work and at home, so far it’s caught every virus that’s come around our 40 desktops. At the e-mail gateway I have a two-fold approach - Guinevere, which is the gateway and has filtering capabilities, and Spam Assassin, which works with Guin. It’s been pretty efficient for a couple of years, but the spam is just now starting to make it through. Sad, but true. I’m not sure what’s next.

My solution: Postini through my Internet provider (love it, works beautifully). McAfee virus protection and firewall, Spybot S&D, and Ad-aware. I feel really safe, but still keep my guard up!

You asked for e-mail virus/spam solutions, so I thought I’d send you mine. Although my parents purchased Norton AntiVirus 2004 for their system, I decided that I wanted to go the cheap route. After being unhappy with AVG Free Edition, I found avast! 4 Home Edition, which I have now installed on a few of my other family members’ computers. As for spam, I use PopFile, simply because all I usually ever have to see of it is the squid in the system tray. It also works really well.

For the last several months I have been using Postini and it works pretty well. However I am getting ready to turn it off. Several reasons - after 4000 characters in your Approved list you have to start deleting characters. And cannot add words/phrases to the spam list, since there is little ability to customize.

What I will be using instead: Eudora Pro (paid version) with Junk installed, and Spamnix (which I am currently training) for Virsus eTrust EZ Antivirus with automatic updates turned on. I had been using this before Postini for several years and it always alerted me correctly.