James wrote regarding '[ee] Sober.z response (lack) from Symantec' on Mon, Nov 28 at 13:06:
[...]
> users know what to and not to do. We are a small shop and for now, we can't
> justify the cost of an Exchange server and I have no faith in my ability to
> keep a *nix box secure much less a sendmail MTA. Please don't turn this into
> a "...you can do it all with Lee-nucks thread." I simply don't have time,
> and I don't believe it based on prior attempts.

I'm obliged to mention that Sendmail is hard to configure even if you
*know* what you're doing, let alone if you don't.  Then I have to
suggest looking in to postfix - it has a soild user community and
most of the popular spam and antivirus software has postfix-specific
documentation.  Postfix is easy to configure, too.  I'll resist the
urge to say that you could run it on a Linux box (though that's what I
do, and I'd personally be happy to help you configure your machine to
your specs simply as a way of giving back to the community), since
postfix also works real nicely on OS X and the other BSDs. ;)  It's
also secure (in that it's not an open relay) in a default install. :)
It would probably build alright under Cygwin, if you insist on a
Windows box.

> A. Somebody please prove me wrong? It just can NOT be that Symantec still
> doesn't have an entry for Sober.Z a full week after its detection.

Symantec hasn't made anything useful for years.  Why would their A/V
software be any different?  It's expensive and loads all sorts of crap
that wastes memory / slows your machine down.  IMHO, of course.

> B. Is there a place were people talk about this sort of thing? A PICList for
> the Anti-virus crowd? Is Slashdot a good place to post this question?

Post on /. and you'll get a hundred posts telling you to run Postfix,
75 telling you to run exim, and 50 for qmail.  All of them will tell
you to use Linux, except for a couple of BSD people.  I'll copy and
paste my response from above. :p

> C. What can I do to make darn sure we don't get infected? Is there a good,
> stable, simple system for stopping virii (and hopefully also spam) BEFORE it
> gets to the MTA? I am aware that spampal can be run as a W32 service, but I
> also see a lot of people have had trouble with it and the developer does not
> inspire me with great confidence. 
> 
> I would be interested in a good, well reviewed and respected program SMTP
> filter program for NT, even if I have to pay for it. I wish f-prot had one.
> Their only solution other than their Exchange server support, seems to
> involve them acting as the MTA and forwarding the emails to us which is not
> acceptable.

I use Mercury/32 on Windows when I need an SMTP server under Win32.
It's a nice stable program which runs pretty well on the MS client OS
variants (so you don't need to spring for 2003 server) and it's quite
configurable.  There are pretty easy dialogs to set up global
filtering on particular terms, message attributes, etc.  And it's
free-ish (made by the Pegasus mail people, IIRC).

However, if you have a working mail server (I'm gonna point out again
that lots of people use *nix-based mail servers for a reason other
than geeky pride), I'm a big fan of using dspam to detect spam *and*
viruses.  Its adaptability makes it work well for detecting viral
emails as spam - it catches all of the viruses I get.  It woudl work
well for you in its SMTP relay mode, where incoming mail would go
through DSPam first, then get relayed to the main mail server.  Using
the quarantine functionality (you have a web server that can handle
CGI, right?) potential spam gets held on the proxy rather than being
delivered, so you can set the threshold fairly low and let users
decide what they want to get through.

DSpam is at http://dspam.nuclearelephant.com/
Postfix is at http://www.postfix.org/
Mercury/32 is at http://www.pmail.com/overviews/ovw_mercwin.htm
Ubuntu Linux is at http://www.ubuntu.com/ ;)
Cygwin is at http://www.cygwin.com/

I'm quite serious about helping, BTW.

--Danny
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist