RE: mail antivirus



ClamAV. http://www.clamav.net/

Open Source. Virus definitions automatically updated with new definitions
via freshclam. New strains added very quickly. Client / Server model.

We use a shell script to make clamscan work with maildrop xfilter and it
works very well.

No complaints other than some issues with the code base evolving a little to
quickly which can make it difficult to keep up to date (some newer virus
definitions will not work with an older version of clamscan so you need to
check the logs of freshclam occasionally for "WARNING: Your ClamAV
installation is OUTDATED!" and update when needed).

Recently purchased by SourceFire (makers of Snort), so I figure that at some
point there is going to be a fork in the signatures they provide to a
similar structure as the Snort Rules (two or three tiers with paying
customers getting access to the newest rules instantly). I should note that
this is only conjecture on my part, but is something to keep an eye on.

Hope that helps.



-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of mircea
Sent: Wednesday, August 22, 2007 11:54 AM
To: focus-linux@xxxxxxxxxxxxxxxxx
Subject: mail antivirus

Hello,

what kind of antivirus filter are you using on linux mail servers?

I appreciate solution names and a few words on why you're using it.

Thanks,
Mircea



Relevant Pages

  • [Full-disclosure] DMA[2006-0514a] - ClamAV freshclam incorrect privilege drop
    ... Tomasz Kojm of the ClamAV team describes the following code snippet from freshclam as being "for system administrators who know ... components of ClamAV because some of them contain code that is intended to be "for system administrators who know what they're doing". ...
    (Full-Disclosure)
  • DMA[2006-0514a] - ClamAV freshclam incorrect privilege drop
    ... Tomasz Kojm of the ClamAV team describes the following code snippet from freshclam as being "for system administrators who know ... components of ClamAV because some of them contain code that is intended to be "for system administrators who know what they're doing". ...
    (Bugtraq)
  • Re: ClamAv: is anyone paying attention?
    ... 0.88.5 was released Oct 15 according to the ClamAv ... downloads clamav virus databases from the Internet ... This package contains the program freshclam and scripts to automate ... problems in freshclam and other minor bugfixes. ...
    (Ubuntu)
  • Re: clamav: uptodate or not?
    ... When i run the gui antivirus scanner that uses clamav, ... as freshclam needs to be setuid clamav. ... The freshclam program updates the databses, ... The OP needs to check on why the mirrors are not connecting. ...
    (Debian-User)
  • Re: ClamAv: is anyone paying attention?
    ... WARNING: Your ClamAV installation is OUTDATED! ... The main signatures are up to date ... system monitor and freshclam is currently running. ...
    (Ubuntu)