Prev: Skip virtusertable processing for envelope sender (mail from:)
Next: Stats comp.mail.sendmail (last 7 days)
From: RICCARDO on 1 Aug 2010 14:59
I'm using sendmail for my mail server, which processes about 70.000
messages a day, so I need antivirus product to be linked to Amavisid.
Can you suggest me specific software to integrate into my MTA ?
From: Andrzej Adam Filip on 1 Aug 2010 15:57
RICCARDO <ric.castellani(a)alice.it> wrote:
> I'm using sendmail for my mail server, which processes about 70.000
> messages a day, so I need antivirus product to be linked to Amavisid.
> Can you suggest me specific software to integrate into my MTA ?

Have you already ruled out (free) AV programs? [e.g. clamav]

You should know what you pay for if you choose something else ;-)

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
http://open-sendmail.sourceforge.net/ http://anfi.homeunix.org/
To fear love is to fear life, and those who fear life are already three
parts dead. -- Bertrand Russell
From: RICCARDO on 2 Aug 2010 03:38
On 1 Ago, 21:57, Andrzej Adam Filip <a...(a)onet.eu> wrote:
> RICCARDO <ric.castell...(a)alice.it> wrote:
> > I'm using sendmail for my mail server, which processes about 70.000
> > messages a day, so I need antivirus product to be linked to Amavisid.
> > Can you suggest me specific software to integrate into my MTA ?
>
> Have you already ruled out (free) AV programs? [e.g. clamav]
>
> You should know what you pay for if you choose something else ;-)
>
> --
> [pl>en Andrew] Andrzej Adam Filip : a...(a)onet.eu : Andrzej.Fi...(a)gmail.comhttp://open-sendmail.sourceforge.net/http://anfi.homeunix.org/
> To fear love is to fear life, and those who fear life are already three
> parts dead.  -- Bertrand Russell

I tried uvscan (I paid for it) but new version is not efficient for
this purpose , infact it uses 100 cpu.
I can pay but I'd like knowing what product, which I can link to
amavis, is efficient fot scanning virus on messages.
I didn't try clam AV.
From: ska on 2 Aug 2010 04:53
RICCARDO wrote:

> I tried uvscan (I paid for it) but new version is not efficient for
> this purpose , infact it uses 100 cpu.

Is this a / the command line version? IMHO, the overhead for loading
the various databases and safety checks a.s.o is too high for 70.000
msgs/day == 49msgs/min. You load all the stuff once per second almost.

You ought to get a server-based variant of a scanner.

Besides that, frankly speaking, you are on your own, because malware
scanning is trust. You have to trust the vendor to keep up with early
updates, to not inlcude false positives etc.pp. ClamAV behaves well on
our system, but we also use a commercial product. BTW: ClamAV does not
detect anything, but I never checked, if the commercial one would
detect all malware found by ClamAV. Another thing is: use something
different than used on your clients. So two different scanners will
take care of the messages (some will slip through the mail relay by
using unusal transportation, e.g. password encrypted files/archives,
unknown archive types, ...) and you can (try to) select the scanner on
the mail relay by different attributes, e.g. have server-based tool,
no need for on-access scanner, no need for intuitive GUI etc.pp.

Regards, ska
From: RICCARDO on 2 Aug 2010 14:09
On 2 Ago, 10:53, ska <s...(a)mail.inf.fh-brs.de> wrote:
> RICCARDO wrote:
> > I tried uvscan (I paid for it) but new version is not efficient for
> > this purpose , infact it uses 100 cpu.
>
> Is this a / the command line version? IMHO, the overhead for loading
> the various databases and safety checks a.s.o is too high for 70.000
> msgs/day == 49msgs/min. You load all the stuff once per second almost.
>
> You ought to get a server-based variant of a scanner.
>
> Besides that, frankly speaking, you are on your own, because malware
> scanning is trust. You have to trust the vendor to keep up with early
> updates, to not inlcude false positives etc.pp. ClamAV behaves well on
> our system, but we also use a commercial product. BTW: ClamAV does not
> detect anything, but I never checked, if the commercial one would
> detect all malware found by ClamAV. Another thing is: use something
> different than used on your clients. So two different scanners will
> take care of the messages (some will slip through the mail relay by
> using unusal transportation, e.g. password encrypted files/archives,
> unknown archive types, ...) and you can (try to) select the scanner on
> the mail relay by different attributes, e.g. have server-based tool,
> no need for on-access scanner, no need for intuitive GUI etc.pp.
>
> Regards, ska


>Is this a / the command line version?
Yes, it's McAfee command line version.

>You load all the stuff once per second almost.
I ask meself if it exist software which loads DAT file once into
memory and not every time when message is scanned.

>ClamAV behaves well on
>our system, but we also use a commercial product

1- What's the name of your commercial product ?
2- Do you think ClamAV is effcient for my purpose ?
3- Does it exist ClamAV for Linux, command line version, to link to
Amavis ?
 |  Next  |  Last
Pages: 1 2
Prev: Skip virtusertable processing for envelope sender (mail from:)
Next: Stats comp.mail.sendmail (last 7 days)