Commercial virus checker failed ...

Scott Farrell sfarrell at ICCONSULTING.COM.AU
Tue Jan 8 23:44:37 GMT 2002


For me it would be fail over.

Occaisonally the virus update definition from CA for innoculate fails, and
corrupts the whole of innoculate for a while, until you either reinstall,
or wait for the next update (ugly).

So in my case failover to the second scanner would be great.

This probably also applies to DoS - it may not DoS both scanners at the
same time.

regards
Scott Farrell

http://www.icconsulting.com.au
ic Consulting - the people that make eBusiness happen.
We offer e-business consulting and perform services. We deliver high impact
consulting, and fast turn around projects for our clients.
Ask us about Web Content Management,  Web Self Service, or working closer
with your customers or suppliers.

0412 927 156,   02 9411 3622  mailto:sfarrell at icconsulting.com.au



                    "Michael H.
                    Warfield"                 To:     MAILSCANNER at JISCMAIL.AC.UK
                    <mhw at WITTSEND.COM>        cc:
                    Sent by:                  Subject:     Re: Commercial virus checker failed  ...
                    MailScanner
                    mailing list
                    <MAILSCANNER at JISCM
                    AIL.AC.UK>


                    09/01/02 07:29 AM
                    Please respond to
                    MailScanner
                    mailing list




On Tue, Jan 08, 2002 at 05:54:44PM +0000, Nick Phillips wrote:
> On Tue, Jan 08, 2002 at 07:32:16PM +0200, Nikolay Kabaivanov wrote:

> > ______________________________________________________________________
> > Jan  8 19:00:54 octus mailscanner[16926]: Going to scan 1 messages
> > Jan  8 19:00:55 octus mailscanner[18781]: Commercial virus checker
> > failed with real error: Can't run commercial checker: No such file or
> > directory at /usr/local/MailScanner/bin/sweep.pl line 302.
> > Jan  8 19:00:55 octus mailscanner[16926]: Scanned 1 messages, 13572
> > bytes in 1 seconds
> > Jan  8 19:00:55 octus mailscanner[16926]: About to deliver 1 messages
> >
___________________________________________________________________________
>
> It's not working. Have you set the right path to the f-prot wrapper in
the
> mailscanner.conf??
>
> > I do not run commercial checker. I use f-prot.
>
> That is a commercial checker for our purposes, even though they don't
charge for
> it at the moment.
>
> > I like to ask a question : Is there is a way to use 2 or 3 virus
checker
> > to check 1 message ?

> Not at the moment; there's not really any very good reason to do so, so
far as
> I'm aware.

        Actually there are several that I'm aware and it's a feature which
is a high priority to me.

        #1 Reason...  There are many occasions when one virus scanner or
another picks up a virus/worm and not the others.  No one product leads
the field in this and I've heard recommendations to run at least three
virus checkers in commercial development environments where deliverable
product is prepared.

        #2 Reason...  Sometimes one vendor is a little quicker than
others to update signatures, either due to updaing schedule or ongoing
research work - leading to reason #1.

        #3 Reason...  Nameology.  Sometimes virus checkers vary in their
terminology.  Correlating detection with field reports can be simplified.
Some may argue that this isn't a "good reason" while others may consider
it vital.  Depends on what you are doing with the information.

        #4 Reason...  Even when several virus checkers can spot a virus,
not all of them may be able to sanitize the material the same way or
may behave differently..

        All of the above boil down to reliablilty and reaction speed.
Depending on one virus vendor is not a safe bet.  While even combinations
of vendors can not be relied on totally (last virus go-round I worked on
we were fighting an infestation of the goner_a worm for 5 hours before
the FIRST vendor had their signatures updated and some were over a day)
having multiple vendors is more reliable than picking one and praying.
Next time, the guys (who I will not name) who came in first may be dead
last.  Especially at a critical trottle point like a central email server.

        Using multiple virus scanners is a lot like using multiple spam
identifiers.  SpamAssassin is the epitomie of this.  You are more effective
using multiple sources of information.

> Cheers,

> Nick
>
> --
> Nick Phillips -- nwp at lemon-computing.com
> You never know how many friends you have until you rent a house on the
beach.

        Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



More information about the MailScanner mailing list