May 28, 2008 at 1:14 pm
Here is the official word: CA etrust ITM version 8.1
May 28, 2008 at 1:39 pm
I'm not sure why you'd need some fancy instantiating the AV app.
If you can live with a short delay, we stayed simpler:
- Upon getting a request like this - we encode the filename (where encode = we made sure the filenames were always distinct), and then stream it to a specific directory on a DMZ server. We also record the new and original file names in the DB, of course with the appropriate info to correlate it to whatever we're doing.
- set up the AV to automatically quarantine anything it "doesn't like" from that folder.
- run a simple FileSystemWatcher process to pull those files into the actual DB after a 2-minute delay (leaving the AV plenty of time to grab a hold of it and scan it). 15 secs would have been plenty, but we like to be paranoid.
- if the file's missing - then it was infected (we initially were checking the quarantine folder for existence, but we turned it off, because that was essentially always why it would be missing from the intermediate folder.)
I never liked the concept of anything getting a handle on our AV program, having been stung a few times by smart "AV-killer" viruses, two of which we had the pleasure of reporting to Norton. Our AV installations are so locked down that damn near nothing can even "touch" it in any way , so automating against it wouldn't have been possible anyway.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
May 28, 2008 at 4:31 pm
Not tied to any one way or other, actually looking for alternatives that we can compare and evaluate. As with anything, we have to look at the application and see what will work. Thank you for providing another way of handling this particular situation. I am sure we will look at it carefully. I would prefer to find as simple a wayas possible as we have limited resources.
😎
May 28, 2008 at 5:56 pm
Happy to hear, but more importantly - GO BE ON VACATION!
Stop geeking it out with the rest of us shmoes - take the night off or something.....:D
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
May 28, 2008 at 8:06 pm
Hey, any info I can get and send to our PeopleSoft Administrator now is good. Gives her more time to digest it and bounce ideas off the consultant we have helping with the project. Plus, I've been around long enough to know if I don't pass it on now, I might forget later, or until it's too late to make a difference.
Plus, I like hanging out with all you guys and gals. :w00t:
😎
May 28, 2008 at 8:24 pm
I like Matt's solution a lot because it ensures you don't have multiple instances of the AV engine running to do scans. Of course, I've never been a big fan of throwing blobs into the database but that's the way things are going...
K. Brian Kelley
@kbriankelley
Viewing 6 posts - 16 through 21 (of 21 total)
You must be logged in to reply to this topic. Login to reply