Koozali.org: home of the SME Server

Avira antivirus software instructs to get it, install it and run it

Offline janet

Re: Avira antivirus software instructs to get it, install it and run it
« Reply #15 on: March 31, 2013, 03:02:32 AM »
purvis

Quote
I am continuing with virus detection, the effort is worth it.

To me your basic concept is wrong.
Virus definitions are updated with knowledge of new viruses when those viruses have been observed & detected & a suitable update developed, which can typically take a day or two or three or longer. Most companies who monitor virus activity throughout the world will identify new viruses around the same time, & therefore release updates around the same time for their product, so no one company or anti virus software brand will have any significant time advantage over another.

So whether you have one, two, three or even four virus scanners functioning on your sme server scanning your email & files etc, I doubt there is any significant gain or improvement in the speed your system will detect & clean new viruses.
There will still be viruses that slip through initial detection by all four scanners, as in the first day or two or three, none of the four scanners knows about these latest viruses, so therefore cannot detect them.
The virus payload is usually targeted at workstation operating systems (eg Windows), so the workstation (or other susceptible devices) are where you should concentrate your secondary virus detection efforts, with systems configured for daily updates & scans, & ensure real time heuristic monitoring is enabled.

You could also look at using Dansguardian with the anti virus scanner enabled, to scan files downloaded from the net by people using your sme as a gateway, for an additional form of protection.

You did not specifically answer each of my questions about how your sme server is configured. Without knowing the specific settings you have, it's impossible for me (us) to comment further re whether your sme server is doing the best possible rejection of viruses etc. Remember many virus laden messages come from the same (server IP) sources as spam messages, so blocking spammers by using RBLs will dramatically reduce the amount of virus infected email messages as an "additional benefit". Same applies for blocking virtually all known executable content including zipv1, most viruses will be blocked. Educate & force by system policy, your users to send rar compressed files instead of zip. Make sure you use server gateway mode as the sme server will perform better in that mode to reject "bad" messages which may coincidentally include viruses.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline purvis

Re: Avira antivirus software instructs to get it, install it and run it
« Reply #16 on: March 31, 2013, 11:21:46 PM »
Honestly and truly, thank you Mary.
What you say mostly is very true about how to set up a server to do its best.

But my servers will not be going into server-gateway mode.
I am happy with dedicated firewall routers bc our users are not allowed to browse the internet from the working lan but only by using computers connected remotely on another lan.
If your servers would never have a problem, then I could put them in server-gateway mode. But all kinds of things cause these servers to break and the dedicated firewall routers are more dependable.
No computers are allowed on the lan but those I setup as long as I am living and I make my living from the work being done on those computers.
Files are not allowed to be transferred onto the lan except by me. I make those transfers.

I do not depend on a user doing as I ask them to.
That is like asking a male not to go to a porn site. If he can he will, that is guaranteed almost 100 percent.

Concerning email.
It would be nice to let people read email more conveniently than having to access the email from a remote computer.
I am working on that. But you are very wrong about not hitting emails with all you got in a server.
In a real world environment like ours, there are emails that do come in from servers that do not meet email standards, such as missing dates and subjects, from very large companies.
Many businesses can do business with emails not being delivered. We are not fortunate to be one of those.

For right now, allowing spam email through is ok, at least enough to the maillog account, because it gives me a chance to see what is coming in.
We do not have a large volume of spam right now, because our email accounts are not listed on internet and apparently not in many other people's email clients.
I can stop spam marked email in all other accounts.

We will be scanning emails with antivirus software and other scanning techniques and use those techniques in the server first if they can run there.
I will also happily share any worthwhile techniques as they are developed.
« Last Edit: March 31, 2013, 11:26:34 PM by purvis »

Offline janet

Re: Avira antivirus software instructs to get it, install it and run it
« Reply #17 on: April 01, 2013, 01:08:36 AM »
purvis

You can use server & gateway mode with the static IP option thus creating a DMZ for an additional layer of security.

With system policies in place on Windows workstations you can stop users "doing things they should not" and also prevent them from changing workstation setup etc, you can "lock down" your workstations very tightly indeed.

Quote
But you are very wrong about not hitting emails with all you got in a server.

I am not sure what you actually mean.
I do hit emails with "everything the server can do" and I receive very little spam & only the occasional virus infected email. Usually any virus infected email is sitting in the junkmail folder as spam techniques have already detected that message as being problematic.
That's a good example of the point I am making re anti virus "techniques", as detecting and/or filtering and/or blocking those spam source or spam content messages, does also detect virus laden messages due to common elements within them.

I referred to a secondary (ie additional) layer of virus protection being in the workstations, which should not be alterable by users. That is there to catch anything that occasionally slips through the primary layer of protection in the server, ie scanners & filters etc. It also protects the workstation from viruses coming from sources other than email messages. Real time & heuristic detection catches as yet unknown viruses.

The point I am making which you seem to be overlooking, is that multiple additional virus scanners (on your server) are not likely to prevent virus infected email messages "getting through" on "day 1" of a new virus being released. If all four scanners do not yet know about the virus then they will not detect it, so having four scanners gives no immediate benefit compared to one scanner.
Other server level techniques (such as those previously mentioned ie executable content in attachments is a good one, block spam/virus sources is also a good one etc) which do not use or rely on virus definitions, are more likely to catch email messages with "unknown viruses" on "day 1".

Anyway you are free to do whatever you want & spend your time as you please. It's just to me that you seem to be investing time & research into areas that will not necessarily be that beneficial, & are covered by existing available techniques should you choose to use them.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
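
The definition-independent check discussed in this thread (rejecting executable content in attachments, including inside zip files, without consulting any virus signatures), as an added sketch that is not part of any post and is not SME Server's own filter code. The extension list, function names and the sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; not SME Server's own pattern list.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")

def blocked_reason(name, data):
    """Return why one attachment is rejected, or None if it passes."""
    if name.lower().endswith(BLOCKED_EXT):
        return f"blocked extension: {name}"
    if data[:2] == b"MZ":  # DOS/Windows executable header, whatever the file is called
        return f"executable header: {name}"
    if data[:4] == b"PK\x03\x04":  # zip local file header: inspect member names
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return f"unreadable zip: {name}"
        for member in members:
            if member.lower().endswith(BLOCKED_EXT):
                return f"blocked file inside zip: {name}/{member}"
    return None

def scan_message(raw):
    """Return rejection reasons for every attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reason = blocked_reason(part.get_filename() or "", data)
        if reason:
            reasons.append(reason)
    return reasons

def build_sample():
    """Constructed sample: a harmless PDF, a renamed executable, a zip holding a .scr."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("photo.scr", b"MZ constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "invoice"
    msg.set_content("See attached.")
    for name, data in (("invoice.pdf", b"%PDF-1.4 constructed"),
                       ("report.doc", b"MZ\x90\x00 constructed"),
                       ("photos.zip", zbuf.getvalue())):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for line in scan_message(build_sample()):
        print(line)
```

Neither rejected attachment needs to be known to any scanner: one is caught by its file header despite the `.doc` name, the other by the member name inside the archive.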