I know I can always google for virus scanners available for Linux-based email gateways, but what I want to know is people's experience with them.
How easy / difficult is it to set them up for a large organisation? How effective are they? How frequently can you update them? Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
Sameer.
Hi... If all else fails... try Hauri ViRobot Gateway AV Scanner.
guran...
----- Original Message -----
From: Sameer D. Sahasrabuddhe sameerds@it.iitb.ac.in
To: ILUG-Bom linuxers@mm.ilug-bom.org.in
Sent: Sunday, August 22, 2004 6:49 PM
Subject: [ILUG-BOM] virus scanners for email gateways
I know I can always google for virus scanners available for Linux-based email gateways, but what I want to know is people's experience with them.
How easy / difficult is it to set them up for a large organisation? How effective are they? How frequently can you update them? Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
Sameer.
Research Scholar, KReSIT, IIT Bombay http://www.it.iitb.ac.in/~sameerds/
On 22/08/04 18:49 +0530, Sameer D. Sahasrabuddhe wrote:
I know I can always google for virus scanners available for Linux-based email gateways, but what I want to know is people's experience with them.
I use Postfix + amavisd-new + clamav. amavisd-new is a wrapper around a large number of antivirus packages. clamav from http://www.clamav.net/ is a GPLed antivirus scanner, and even though the number of signatures is apparently smaller than the commercial ones, the list is highly up to date for modern viruses.
How easy / difficult is it to set them up for a large organisation?
The setup itself is trivial. Depending on your mail volume, you may want to farm the scanner to another system altogether. Another trick to reduce the load is to use Postfix 2.x which has a built-in MIME parser and block attachments with specific extensions (.pif, .com, .exe, .vbs, etc).
How effective are they? How frequently can you update them?
Clamav recommends that you update once every two hours (that's the default as well). If you want to update more frequently, they request that you provide a mirror.
Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
No autolearning phase.
Devdas Bhagat
On Sun, Aug 22, 2004 at 10:35:03PM +0530, Devdas Bhagat wrote:
The setup itself is trivial. Depending on your mail volume, you may want to farm the scanner to another system altogether. Another trick to reduce the load is to use Postfix 2.x which has a built-in MIME parser and block attachments with specific extensions (.pif, .com, .exe, .vbs, etc).
What I am specifically looking for is a setup that can eliminate the need to blindly drop zip files. Our servers already use clam with qmail.
Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
No autolearning phase.
The mail I received mentioned an autolearning phase, hence the question.
I just wanted to cover some ground based on other people's experience before digging. I suppose clam is a safe bet as usual. Any numbers about the performance? Especially missed viruses and false hits.
Sameer.
On 23/08/04 10:53 +0530, Sameer D. Sahasrabuddhe wrote:
On Sun, Aug 22, 2004 at 10:35:03PM +0530, Devdas Bhagat wrote:
The setup itself is trivial. Depending on your mail volume, you may want to farm the scanner to another system altogether. Another trick to reduce the load is to use Postfix 2.x which has a built-in MIME parser and block attachments with specific extensions (.pif, .com, .exe, .vbs, etc).
What I am specifically looking for is a setup that can eliminate the need to blindly drop zip files. Our servers already use clam with qmail.
More recent versions of amavisd-new identify encrypted zip files and can take action on that.
Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
No autolearning phase.
The mail I received mentioned an autolearning phase, hence the question.
I just wanted to cover some ground based on other people's experience before digging. I suppose clam is a safe bet as usual. Any numbers about the performance? Especially missed viruses and false hits.
No missed viruses, two false hits from amavisd-new when someone sent a .dll file (banned by policy, so it had to be pulled out of quarantine).
Devdas Bhagat
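An added illustration (not part of the thread, and not amavisd-new's own code) of the attachment policy discussed in the messages above: ban by extension, and judge a zip by its entries, flagging encrypted ones, rather than dropping every zip. Python stands in for the gateway filter, the function names are hypothetical, and the extension list is the one the messages mention.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BANNED_EXT = (".pif", ".com", ".exe", ".vbs", ".dll")  # from the thread; local policy choice

def inspect_zip(data):
    """Judge a zip by its entries instead of dropping every zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                    return "quarantine: encrypted zip, cannot be scanned"
                if info.filename.lower().endswith(BANNED_EXT):
                    return f"reject: banned file {info.filename!r} inside zip"
    except zipfile.BadZipFile:
        return "quarantine: malformed zip"
    return "pass-to-scanner"

def gateway_verdict(raw_message):
    """Return (filename, verdict) for each attachment of a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        verdict = "pass-to-scanner"  # default: hand over to the AV engine
        if name.lower().endswith(BANNED_EXT):
            verdict = "reject: banned extension"
        elif payload[:4] == b"PK\x03\x04":  # zip magic, whatever the name says
            verdict = inspect_zip(payload)
        results.append((name, verdict))
    return results

def build_sample():
    """Constructed sample: a plain zip, a zip hiding an .exe, and a .pif."""
    def make_zip(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"constructed sample content")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    samples = (("docs.zip", make_zip("notes.txt")),
               ("invoice.zip", make_zip("invoice.exe")), ("photo.pif", b"MZ"))
    for fname, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Only the zip that actually carries a banned file is rejected; an ordinary zip still goes on to the virus scanner, and an encrypted one is held because the scanner cannot read its contents.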
On Sun, 22 Aug 2004 18:49:21 +0530, "Sameer D. Sahasrabuddhe" sameerds@it.iitb.ac.in said:
I know I can always google for virus scanners available for Linux-based email gateways, but what I want to know is people's experience with them.
How easy / difficult is it to set them up for a large organisation? How effective are they? How frequently can you update them? Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
Hello sameer,
I have set up clamav AV with Postfix for a production server; the AV is heavy on the system. But since an AV was essential, clamav was used. Clamav can be updated on an hourly basis, although updates are usually available approx. twice a day.
Amish. Amish K. Munshi. Always Available, Everywhere.
If you are looking for a commercial solution with attached support, look at
http://www.mwti.net/antivirus/mailscan/mailscan_for_linux.asp
On Sun, 2004-08-22 at 18:49, Sameer D. Sahasrabuddhe wrote:
How easy / difficult is it to set them up for a large organisation?
As easy as installing 3 RPMs
How effective are they?
I would say you will not notice any delay in mail delivery, and accuracy is quite good.
How frequently can you update them?
Every hour to once a day, depending on your paranoia. :-)
Is there an auto-learning phase involved? What are the pros and cons of such auto-learning scanners?
Have a look at the above product. With regards,