Re: Anti Virus on Sun Solaris

From: Brad Arlt (arlt@cpsc.ucalgary.ca)
Date: 11/17/02

  • Next message: Stephane Nasdrovisky: "Re: Anti Virus on Sun Solaris"
    Date: Sat, 16 Nov 2002 22:20:57 -0700
    From: Brad Arlt <arlt@cpsc.ucalgary.ca>
    To: "K. K. Mookhey" <cto@nii.co.in>
    
    

    On Mon, Nov 11, 2002 at 03:10:34PM +0530, K. K. Mookhey wrote:
    > We are looking to implement an AntiVirus Solution for a Sendmail Mail Server
    > running on Sun Solaris (SunOS 5.7).
    > This has to be a Mail Gateway AV solution which must work in conjunction
    > with Sendmail. The mails must get scanned and filtered at the Mail Server
    > level itself.
    > We have shortlisted Amavis as a possible solution, and possibly Trend
    > Micro's Interscan VirusWall for Solaris. But, the latter may not work on the
    > same server as the one on which sendmail is working.
    > I would greatly appreciate it if others on this list could provide their
    > inputs as to the best solution under this scenario.
    > Changing the topology to include an NT server to act as the gateway and scan
    > for viruses is not preferable. This Solaris server also acts as the proxy
    > for the network.
    > TIA

    Interscan can be made to work on the same machine as Sendmail. Using
    IP Filter or SunScreen you should be able to rig something. I'd say
    Interscan runs on port 25, and Sendmail listening only on localhost,
    maybe on a port other than 25. Email entering and leaving your
    network talks to Interscan. Interscan sends the email to Sendmail
    which then handles the details of where to send the email.

    This might get messy. To say the least.

    I have been running Amavis, via the magic of milter, happily for the
    better part of a year.

    I'd say if you don't want to run Interscan on another machine, you
    don't need Intrescan's performance, and the folks at Trend haven't
    offered any suggestions better than mine; go with Amavis. It will be
    simpler, *way* simpler.

    If you don't mind tossing a Linux (or Solaris) box into the mix, run
    your mail hub (sendmail) on the Linux box. Interscan can run how it
    wants to on your Solaris proxy machine, you can still use sendmail how
    you want to, DNS can be altered so your users are none the wiser, and
    everybody is happy.

    I don't understand where and why the NT box needs to enter the mix.
    But if you have one, it could be re-installed as a Intel Solaris or
    Linux box to function as I mentioned above.

    -----------------------------------------------------------------------
       __o Bradley Arlt Security Team Lead
     _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
    (_)/(_) I should be biking right now. Computer Science