Re: Email virus scan questions

To: <debian-user@lists.debian.org>
Subject: Re: Email virus scan questions
From: "nate" <debian-user@aphroland.org>
Date: Tue, 8 Oct 2002 18:52:30 -0700 (PDT)
Message-id: <[🔎] 17033.216.39.174.24.1034128350.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 20021008144956.223dc1b2.debuser@sysmatrix.net>
References: <[🔎] 20021008144956.223dc1b2.debuser@sysmatrix.net>

Gerald Livingston said:
> OK -- I'm about to start serving mail for my mom and brother from this
> machine via IMAP. They may be using Outlook Express as their client. I
> want to do all virus scanning on this side before they read the mail.
> Maybe some spam filtering too since my brother was careless with his
> address at some point and is getting hammered.
>
> I did an apt-cache search virus and it came back with quite a few
> choices that seem feasible. Any suggestions as to which may be best
> suited to my purpose?

I have been using amavis for almost 2 years now. I have been
using amavisd+postfix since about April 2002 and it works flawlessly
for me. I also have amavis-perl+sendmail and have been runnig that
for about a year and half as well. So in short, amavis is a very
solid integration package. it does NOT include a virus scanner. The
virus scanner I reccomend is Sophos, though I do not believe they
sell to consumers. I also use Mcafee, which is pretty expensive
and very hard to purchase(took me about a week to track someone down
at NAI that knew what Mcafee/Linux was). KAV is cheaper, and also
quite good, though at the time of my investigations(almost 2 years
ago) the reason I did not go with them is their technical support
structure wasn't very good(all they had was an email address in
eastern europe, no phone#), and they didn't have a U.S. reseller
(accoridng to their Australian reseller). Amavis supports about
a dozen different virus scanners though(and you can use combonations
of scanners simultaneously). It also supports Sendmail, Postfix,
and Exim(older versions support qmail as well).

amavis has a great user support list(amavis-user). With helpful
people on there(I used to be on there till I was laid off). The
developers are very friendly & helpful.

I would first investigate the virus software packages though,
the commercial scanners are still pretty much the best out
there(getting signatures faster mostly). Or perhaps you can
talk your employer into purchasing Sophos, Sophos' license
agreement includes freedom to use Sophos Antivirus software
by any employee of the company on any platform(they support
about a dozen platforms). Which I thought was a HUGE plus.

Updating both Mcafee/Linux and Sophos/Linux is very
easy & scriptable. Mcafee's drawbacks IMO are the updates
are BIG, they don't come out with updates very fast(can be
hours or days after Sophos), and the scanner itself is just
a port, they don't put much work into it, and their sales
staff isn't educated on it.  Why are big updates a downside?
Last year, when there was a LARGE virus outbreak(I forgot
the virus name), I went to update my scanners, Sophos had
a 15kb update(.zip) which downloaded in about 10 seconds
(even Sophos was dogged down), Mcafee had a 2MB update which
took about an HOUR to download. Mcafee does not have any
special site for their corp customers(at least they never
told me of one), so your fighting with everyone else for
bandwidth on ftp.nai.com


if you want more detailled info I can provide it, email me
offlist: aphro .at. aphroland .dot. org as I haven't been
following debian-user for the past few days and mail for
this account goes to a different IMAP folder.

nate

Reply to:

References:
- Email virus scan questions
  - From: Gerald Livingston <debuser@sysmatrix.net>

Prev by Date: Re: Calendars
Next by Date: Re: Nothing prints anymore!
Previous by thread: RE: Email virus scan questions
Next by thread: zsh globbing
Index(es):
- Date
- Thread