Re: mail antivirus



On Wed, Aug 22, 2007 at 07:54:28PM +0300, mircea wrote:
Hello,
Hi.

what kind of antivirus filter are you using on linux mail servers?
Well it depends ;)

It will also depends on your hardware, corporate (if any) rules,
you mail traffic, etc ...

I appreciate solution names and a few words on why you're using it.
For my personal servers I use clamav (because it open source and free)
with:

a) postfix + greylisting + amavisd-new with spamassassin+clamav
b) qmail with qpsmtpd (http://smtpd.develooper.com/) as the qmails smtpd replacement
and qsheff (http://www.enderunix.org/qsheff/) which scans using clamav
and rejects virii at the smtp dialogue. qpsmtpd is configured
to stop "early talkers" (clients starting to talk before they
see the mailserver greeting. This catches most viruses because
of their simple SMTP engine.

Greylisting will stop some viruses (simple SMTP engine) and some spam.
(Although there are reports about some - non RFC compliant clients -
missed mails, e.g. http://isc.sans.org/diary.html?storyid=3312)

At work we are using postfix+amavisd-new with sophos (they provide
binaries for non linux systems like AIX,HP-UX,Solaris, etc. ...)

Well, as said above it depends on your mail server, mail traffic
and some other things, e.g. how fast the AV vendors update their
signatures.

HTH,

Andreas.

--
Out of the darkness a voice spoke unto me, saying "smile, things could
be worse". So I smiled, and so, things became worse.