Vexira with MS?

Fri Oct 17 16:18:32 IST 2003

Thanks for the clarification on Kaspersky...

It wasn't immediately evident that they sold a mail server version. I simply clicked the "For Linux Users" link on their home page and was taken directly to the Kaspersky Anti-Virus for Linux File Server. Had to go into the Small and Medium Business section to find references to their mail server products. Why can't anyone make web sites intuitive? 

We don't need the "mail server" version in most cases, just the command-line scanner. Whether our uses with MailScanner imply a mail server license (as opposed to a file server license) is...

- open to debate
- not clearly spelled out in the license agreements (as is the case with f-prot)
- and will probably vary according to who you talk to at each vendor.

In some cases (as is the case with Trend), you cannot simply buy the command-line scanner on its own (even if the licensing works out). You need to buy Interscan VirusWall (which supposedly includes the command-line scanner, plus a lot of other cruft you probably won't use as a MailScanner user). More vendors are introducing mail server versions of their products (including even anti-spam controls). The pessimist in me says that this will make it increasingly difficult to obtain a simple commercial, command-line scanner to use with open-source alternatives. Let's hope that ClamAV continues to mature and deliver.

You may want to look at Command AntiVirus as well. Check recent posts on this subject. I was quoted $500/server by Command Software (regardless of # of users). You may be able to do better than that.

Nathan

-----Original Message-----
From: Larry Candelario Lugo [mailto:l_candelario at CRC.UPR.CLU.EDU] 
Sent: Thursday, October 16, 2003 1:05 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Vexira with MS?

Interesting all the comments posted regarding this, thanks to all.

Went to the icsa site as Chris suggested, and saw which vendors were
certified, though the last updated as of Dec. 16 2002, but at least let's
you
know which vendors are conscious about keeping their products certified.
Sure wish there was something like this Linux wise.  Still, the only
products
certified for Linux were eTrust and H-BEDV, and that was only regarding
detection, no Linux cerdtified product was found under cleaning; the other
certifications found were under the Internet Gateway certifications.

Curious though that of all the On-Line Antivirus available, the only one
certified is
HouseCall from Trend; what about all the other well-known, established
products?

The thing is, I've already checked the following vendor/product websites:

F-Prot, Kaspersky, F-Secure, McAfee, Sophos, Command, Nod32, Panda, RAV,
Antivir, Trend, eTrust, Bitdefender.  After checking the webistes, sent mail
to all
except F-Prot, RAV and Trend.  Only received replies from Nod32, Panda,
eTrust
and Bitdefender.

Of all, the least expensive (on a user/mailbox basis) was Bitdefender who
gave a
1 server/4,000 mailboxes quotation of $1,940. Then again, Bitdefender is not
one
of the certified products.

Nathan, for Kaspersky, the $370 if for a Linux file server; for a Linux mail
server
the cost is per mailbox, and for 500 it's $2,045.  For McAfee, the info is
pretty
confusing; for VirusScan for Unix all I get is an option to register the
product,
can't find anything about cost (though when I looked before a few days ago I
found something about $11.60 per server, but can't find that page/info
again).
The way they present the product, VirusScan for Unix is also seen as for a
Unix/Linux file server.  As for eTrust I'll check it out, since with the new
naming
structure everything is now under "eTrust Antivirus", there's no longer the
old
naming convention of InoculateIT, etc., but the pricing is definitely
atractive.

What I'm seeing is that server licenses/costs are intended for Samba/File
Servers
while mailbox licenses are intended for mail servers. Correct me if I'm
wrong,
but is it really necessary the mail server version, or can I use the file
server version
since MS is the application that will then call the AV for the mail scanning
process?

As for Vexira, it's too bad what Nick mentioned of their people not being
more
cooperative in order to make it work with MailScanner. Still, it seems like
a product
that's had acceptance, especially since this year, and since our campus
doesn't
have too much of a budget it looks like the more appealing offer. And I
agree with
Antony in that if something is good, works, and fulfill its expectations,
then it's okay
with or without certification.

Guess the question would be supposing we opt for Vexira or a combination of
AV:
Could we use MS with Sendmail and SpamAssassin, specify "none" as the
antivirus,
and use Vexira on its own? Or maybe use the McAfee or Panda free comand line
with
MS while also using another AV on its own?

Again, thanks for all the postings that were made,
Larry

----- Original Message ----- 
From: "Chris Trudeau" <chris at TRUDEAU.ORG>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, October 15, 2003 12:23 PM
Subject: Re: Vexira with MS?

In addition, its important to point out that companys that SHOULD be able to
afford it...don't because they're products have some difficulty keeping
up...

check the archives for notable virus scanners that start with an "F" and end
with a "prot" that seem to always be behind in rolling out def files.  These
guys don't seek/stay certified because they can't seem to keep up with the
requirements...

The guys at ICSA Labs do a good job of notifying program members when issues
arise and they need to be addressed by the vendors.  The program is
expensive, but provides the common baseline to me the consumer, that the
product meets a certain set of standards.

As for iptables vs checkpoint...its a similar arguement...if I am
responsible for a large amount of dollars rolling in the door...I'm going to
pay for the mission critical stuff, because I have a scapegoat and
"support".  If I deploy iptables (and I have) then I buy support from the
distribution vendor.

Nobody ever got fired for hiring IBM  :)  to that end, nobody ever got fired
for buying an AV product that is certified...(maybe)

CT

----- Original Message ----- 
From: "Nathan Johanson" <nathan at TCPNETWORKS.NET>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, October 15, 2003 10:50 AM
Subject: Re: Vexira with MS?

In that case, I wonder where BullGuard AntiVirus for Windows XP Professional
got the money to afford the certification :) Vendors like eTrust, McAfee,
and Symantec I can understand, but BullGuard... Never heard of it (and it
only supports one XP Pro?).

http://www.icsalabs.com/html/communities/antivirus/certification/certprod.shtml

Nathan

-----Original Message-----
From: Antony Stone [mailto:Antony at SOFT-SOLUTIONS.CO.UK]
Sent: Wednesday, October 15, 2003 7:41 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Vexira with MS?

On Wednesday 15 October 2003 3:22 pm, Nathan Johanson wrote:

> Funny, there are some notable scanners missing from the certification
> list.

Well, ICSA certification is a very expensive process, and not all companies
can afford to go through it for the difference it might make to their sales.

Also, once a company has certification, it continues to be expensive,
because
you need to pay for retesting of new versions of the software as they're
released.

I think it's one of those things where some people want to pay for a product
with a certificate (and don't mind the extra cost that adds on), some people
want to pay for a product which works (and prefer to save money if it's less
than a competing product with the added certification cost).

eg: Some people buy Check Point firewalls for $$$$ (or ££££ etc) - some
people know that Linux/netfilter/iptables can do the job they need, so they
use that, even though it hasn't got the certification the Check Point
product
has.

Antony.

> -----Original Message-----
> From: Chris Trudeau [mailto:chris at TRUDEAU.ORG]
> Sent: Tuesday, October 14, 2003 8:13 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Vexira with MS?
>
>
> be aware that using just ANY AV could be risky...there are a lot of
> posts
> about the viability and inability of certain vendors to provide
> libraries in
> a reasonable period of time after an outbreak on this list (see
> archives).
>
> Take a look at this site:
>
> http://www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml
>
> icsalabs..is an extension of TruSecure Corp and they provide a
> certification
> program for security products including firewalls and VPNS.  Their AV
> certification lab is well run and up to date on which products are
> certified.  There is certain criteria that the labs requires of member
> product vendors such as 24-hour release of signatures and several other
> standard requirements.
>
> I have always been a proponent of knowing what I'm buying, so making a
> purchasing requirement such as an ISCA certification is an easy
> decision.
>
> CT

-- 

Your email has been returned due to insufficient voltage.