A bit OT - Urban Myths?

Pete French pete at twisted.org.uk
Wed Jul 16 15:53:48 BST 2003


> It's a bugbear of mine. How many viruses have you seen in the last five 
> years? One? Two? And how much does it cost in time, money, etc. to implement 
> proper virus scanning? Don't you feel it's all a bit out of proportion? 

I see at least one virus a week. Some days I find five or six in my mail
in the morning - usually copies of the same one. I don't know why you see
so few, but there are shedloads out there and we get them all the time.

Norton cost me twenty quid and five minutes to install it. If you add in
a fiver for the cost of my time then that's 25 quid. On the other hand
the last time a virus got on the machine it trashed the entire filesystem
and made it unbootable. Getting a second hard drive, installing a fresh copy
of Windows, then getting Tiramisu (one of the finest bits of code ever written
IMHO) to run through it and recover files from the NTFS system, plus then
deleting the 600 odd infected files it actually found. That was about six
days without a Windows machine, plus there was a certain quantity of stuff
which was unrecoverable.

So in answer to the question, no. Indeed it was the spate of incoming
virii last week (SoBig again I think) which made me decide to try and get
them stripped out at the server end before they got anywhere near an
infectable machine.

> Plus, because I use FreeBSD, I don't think I've ever actually been affected 
> by a virus. EVER. In some 15 years of daily computer usage. Perhaps I'm 
> special. :-)

No, you aren't special, you are just using an operating system for which there
aren't any viruses. I don't think I'll get a virus on the FreeBSD servers,
nor do I think I am likely to get one on the OSX machine. But the nature of
a server is that it's serving end users, and a lot of them do have Windows
machines. I don't want people relaying virii through my server, as it makes
life a lot easier if none of my users catch , plus I don't want to go through
that data recovery process all over again as it was very painful.

> Either 3 or 4. I liked 3, and wasn't sure about 4 at first, but I'm warming 

Me neither, but it's been pretty stable since we installed it. The one thing I
didn't like about it was that it can dump mail silently under error conditions.
If you are upgrading and using newsyslog to rotate your logfiles be very
careful to change the ownership from root - or else the first time they
rotate (start of month for us - 3 weeks after the upgrade) then exim won't
be able to write to the logs and will drop the mail silently.

> Yup. It won't do UUCP either. It's a modern MTA for a modern world. Who wants 
> BSD 4.3? :-)

exim's older than you think - back when it came out 4.3 systems weren't that
uncommon - SUNs that hadn't been upgraded to Solaris yet, plus all NeXT
systems. Besides, 4.3 is arguably the most influential UNIX release of all
time - it deserves support for reasons of respect :-)

I agree it's not worth bothering with these days though (even if it does mean
I have to fight sendmail on the legacy machines)

> It *is* pricey though. Personally, if you want a simple setup, I'd go with 
> it - it is powerful at what it does. I just don't think virus scanning per 
> se is something that is as important as people pretend it to be.

Depends on your environment - you don't see any and don't have an infectable
machine. I see shedloads and have a lot of infectable machines (and have
been seriously burned in the past). I'm quite envious of your environment :-)

-bat.
