It's been nearly three years since I first wrote about scanning viruses at the gateway using signature-based virus scanning systems in response to Gartner's prediction of the death of signature-based virus scanning systems. Gartner declared the death of signature-based virus scanning systems back in August 2001, but that was about as accurate as any of their other predictions. The exact same thing was (and still is) said about signature-based IDS (Intrusion Detection Systems) dying because of "behavior" based IDS systems, but that's nonsense since the two techniques complement each other.
Although signature-based virus scanning on SMTP gateways is showing some signs of age -- viruses are sneakier now with techniques like password-protected zip files -- it is still the bread and butter of any organization's anti-virus defense system and it is still your best shot at defending against a virus outbreak. No sane e-mail administrator would be caught dead without it. I really thought e-mail attachment viruses would be old news by now since the ability to scan viruses at the perimeter has been with us since the end of the last millennium, but it seems that some organizations never learn -- and the latest Bagle outbreak proves it. One of my e-mail providers, Netzero, finally got around to implementing gateway anti-virus this year -- better late than never, I suppose. Still, the number of unprotected e-mail domains that remain is shocking.
Unfortunately, too many IT geeks believe that users shouldn't be so gullible and should learn to defend themselves. This is exactly what spammers count on to accumulate their hordes of zombies that are ready to launch spam or DoS (Denial of Service) attacks at their command, because there will always be a percentage of users who are completely helpless. If your organization or ISP doesn't scan for viruses at the gateway, it's time to demand change now.