Saturday, February 28, 2004

Mail defense in depth

If you've designed things properly, you have a non-Microsoft mail handler just inside your firewall that scans for viruses and spam before handing mail off to your local Exchange box. That relay also lets you script filters in an emergency, so that this doesn't happen to you.

This can be done with Linux or FreeBSD (or a variant), Sendmail, Postfix, qmail or the like, and Perl. Many commercial anti-virus vendors sell *nix versions of their scanners. The key technology here is Perl: if you watch your network metrics, you'll notice virus outbreaks before they're news on the anti-virus sites, and a quick analysis of the traffic lets you write emergency filters to quarantine or delete it until the vendors issue signature updates.
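As an added illustration (not code from the original post, and not tied to any particular scanner or product), here is the shape of such an emergency filter in Perl. It assumes the relay is Postfix with the script wired in as a pipe(8) content_filter that feeds each message on stdin, that a quarantine directory exists at the path shown, and that the attachment-extension rules, the subject patterns and the sample message it runs against when nothing is on stdin are all constructed for illustration rather than drawn from any real outbreak.

```perl
#!/usr/bin/perl
# emergency-filter.pl: stopgap filter for the *nix relay in front of Exchange.
# Added example, not from the original post. Assumed deployment: Postfix
# pipe(8) content_filter; rules, paths and the sample message are constructed.
use strict;
use warnings;
use File::Temp qw(tempfile);

# --- Emergency rules: edit these during an outbreak -------------------------
# Only the last extension counts, so "invoice.doc.pif" is still caught as .pif.
my $BAD_EXT     = qr/\.(?:pif|scr|bat|cmd|com|cpl|exe|vbs|vbe|hta)$/i;
# Subject lines seen in the (hypothetical) outbreak.
my @BAD_SUBJECT = (qr/^\s*(?:hi|hello|test)\s*$/i, qr/^mail delivery system$/i);

my $QUARANTINE_DIR = '/var/spool/quarantine';   # assumed path, must exist
my $SENDMAIL       = '/usr/sbin/sendmail';      # Postfix's sendmail(1) wrapper

# Fetch one header, unfolding continuation lines and collapsing whitespace.
sub header {
    my ($headers, $name) = @_;
    my ($val) = $headers =~ /^\Q$name\E:[ \t]*(.*(?:\r?\n[ \t]+.*)*)/mi;
    return '' unless defined $val;
    $val =~ s/\s+/ /g;
    $val =~ s/^\s+|\s+$//g;
    return $val;
}

# Every name=/filename= parameter found in the MIME part headers of the body.
sub attachment_names {
    my ($body) = @_;
    my @names = $body =~ /\b(?:file)?name\s*=\s*"?([^";\r\n]+)/gi;
    s/^\s+|\s+$//g for @names;
    return @names;
}

# Decide what to do with one raw message. Returns (verdict, reason).
sub classify {
    my ($raw) = @_;
    my ($headers, $body) = split /\r?\n\r?\n/, $raw, 2;
    $body = '' unless defined $body;
    my $subject = header($headers, 'Subject');
    for my $re (@BAD_SUBJECT) {
        return ('quarantine', "subject '$subject' matches $re") if $subject =~ $re;
    }
    for my $name (attachment_names($body)) {
        return ('quarantine', "attachment '$name'") if $name =~ $BAD_EXT;
    }
    return ('deliver', 'no emergency rule matched');
}

# Quarantine: spool to disk so a false positive can be released later.
sub quarantine {
    my ($raw, $reason) = @_;
    my ($fh, $path) = tempfile('msg-XXXXXX', DIR => $QUARANTINE_DIR);
    print $fh $raw;
    close $fh;
    warn "quarantined to $path: $reason\n";
}

# Deliver: hand the message back to the MTA, which routes it on to Exchange.
sub deliver {
    my ($raw, $sender, @rcpts) = @_;
    open my $mta, '|-', $SENDMAIL, '-G', '-i', '-f', $sender, '--', @rcpts
        or die "cannot run $SENDMAIL: $!";
    print $mta $raw;
    close $mta or die "$SENDMAIL exited with status $?";
}

# Constructed sample: a worm-style bounce with a .pif attachment.
my $SAMPLE = <<'EOM';
From: "postmaster" <postmaster@example.net>
To: someone@example.com
Subject: Returned mail: see transcript
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The message has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="message.pif"
Content-Disposition: attachment;
	filename="message.pif"

TVqQAAMAAAAEAAAA
--b1--
EOM

# master.cf usage: argv=/usr/local/bin/emergency-filter.pl -f ${sender} -- ${recipient}
# With no mail on stdin (run from a terminal) it just classifies the sample.
my ($sender, @rcpts) = ('');
(undef, $sender, undef, @rcpts) = @ARGV if @ARGV && $ARGV[0] eq '-f';
my $demo = -t STDIN;
my $raw  = $demo ? $SAMPLE : do { local $/; <STDIN> };
my ($verdict, $reason) = classify($raw);
if ($demo)                       { print "$verdict: $reason\n" }
elsif ($verdict eq 'quarantine') { quarantine($raw, $reason) }
else                             { deliver($raw, $sender, @rcpts) }
```

Two things worth noting about a filter like this. It quarantines rather than deletes, because a rule written in the first hour of an outbreak will have false positives and you want to be able to release them. And because it only greps the MIME part headers, it sees filenames exactly as they appear there: a payload inside a .zip, or a part whose headers are themselves encoded, will not match, so treat the rule list as a tourniquet until the vendor signatures arrive, not a replacement for the scanner.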