[ngw] virus protection for linux web access recommendation please

Charles Taite charlest at gwava.com
Wed Oct 17 16:47:19 UTC 2007 

We get this question a lot: If I use GWAVA for internal AV scanning, why
would  I need WASP? The answer depends on what you consider to be
reasonable security. WASP does one thing that GWAVA can't do: When you
are composing/replying/forwarding a message using the Webaccess Client,
you have the option to include an attachment (this feature allows you to
essentially upload a file from a foreign PC directly to your Post
Office). Since the Webaccess client is most often used with computers
that are outside the control of the IT department (home PCs, public PCs,
etc...), there is no way to know whether or not those non-company PCs
are already infected (do they even have an up-to-date AV product
installed). All WASP does is watch (in realtime) the attachments being
uploaded to the PO through the Webaccess client. WASP will scan them for
virus and/or block unauthorized file formats. Everything from
potentially dangerous executables, to bandwidth hogging and
non-work-related variety like movies, music, photos, etc...

So, if someone uses the Webaccess Client to introduce a virus into the
PO, that still doesn't mean you need WASP. For example, if that email is
addressed to someone in another PO, or to an external Internet address,
said message will pass through the MTA. If you are using GWAVA at the
MTA, that message would be blocked, therefore, no real need for WASP.
However, the virus would sit in that users "Sent Items" until a PO scan
removes it, so the question is whether or not you willing to tolerate
that kind of threat. Many might say that it's minimal (non need for
WASP, then), and for others, it might be unacceptable (they would
probably want WASP).

If the message was addressed to another user inside the same PO, then
said message would not pass through the MTA. Since it's impossible to
scan the PO in realtime, it's possible that the virus could reach an
internal recipient before a scheduled GWAVA PO scan. Again, this might
be OK for some and totally unacceptable for others.

So if you don't use Webaccess heavily, you might very reasonably decide
that while there is an unplugged security hole, it's a small enough one
to tolerate. Or if you know that Webaccess is used heavily, you might
reasonably decide that due to the high usage of Webaccess there is also
a higher security that warrants a product like WASP.

In the case of the original poster, it could be that after reading
this, the best decision for her organization is to deploy GWAVA on Linux
and not bother with WASP. it all depends on how much Webaccess is used.
On the flip side, we have many customers that own WASP but not GWAVA
because Webaccess is their primary method of accessing GroupWise.

I hope that clarifies things. 

And, on a different note, I'd like to invite everyone on the list from
Europe to come to GWAVACon Berlin which starts this Saturday and goes
through Monday. There are 20 sessions focused on GroupWise, T+C,
ZENworks and Linux (all non-GWAVA related) and several session from 3rd
party vendors like RIM, Nokia, Omni, Syncsort, Advansys, Grouplink,
etc... We've reached our limit of 300 free passes, but we've decide to
keep free registration open, so you can still attend for free. Register
at http://gwavacon.com/eu/gwavacon2007.php

Charles Taite
ct at gwava.com

>>> "Peter Van Lone" <petervl at gmail.com> 10/17/2007 10:21 AM >>>
On 10/17/07, Tim Wohlford <tim at wohlford.net> wrote:
>
> 2.  The WebAccess is just a web gui for the GW system.  The data
might pass
> through this server, but would "land" in the user's PO files.  In
that case,
> the traditional PO AV solutions — i.e., GWAVA — would kick in. 
If they are
> not already scanning attachments at the MTA or PO level, then I'd
suggest
> that they consider it.  Strongly.

I think the issue is that webaccess users, when they send email
"outbound", it by-passes the POA, so that POA AV scanning is not
performed against those messages.

I'm pretty sure they are still routed to the GWIA via the MTA though
... so if GWAVA does MTA scanning, they would be gotten there. Does it
do MTA scanning?

Perhaps Charles can enlighten us more on just why we might need a
"wasp"-like product?

peter






-- 
--------------------
The more I see the less I know/The more I learn to let [delusions of
absolute truth] go

www.the-brights.net

More information about the ngw mailing list