On Oct 16, 2007, at 7:08 PM, Kevin Anderson wrote:
Hi Tom,
I used to work for a school district and we would have outbreaks of
Word macro viruses every once in a while. Those were the only
viruses that people would store on the server other than an
occasional .exe from their email. They had no effect on the server,
but the users would pass them on to others.
Presumably those "others" who could be affected should be running AV
sw rather than make the rest of the world suffer for their problems.
I had a script that would run the built-in version of clamav on
10.4.x Server and scan the user's shares during the weekend. It
would email me a list of infected Word docs and I would mount the
share from my workstation and clean the offending files with Norton
Anti-Virus. I would then contact the user who had the infected
files and let them know. Most of the time it was from work they
brought in from home. This way I avoided installing another anti-
virus application on the server, I used what was built-in already.
Not the best solution, but it worked. One thing to remember is that
running a scan on a large amount of data using clamav will slow
down the server.
Indeed. And as your filespace increases this increases exponentially
as a problem, soon consuming all resources on your system to corral
off "bad" files.
On the other hand, protecting systems at their borders makes more
sense than looking in everyone's homes for illegal aliens who might
have got in the country.
It's best to cron it for a weekend or other idle time and you have
to clean the files with another anti-virus application. Clamav
won't clean the files, it will only notify you that they are infected.
And when the cron job then hasn't finished come monday morning b/c of
the large number of files being scanned...
Far better to scan files as they change or enter the system.
But yes, I have heard of people doing this with mixed results.
