mail antivirus

by mircea-3

Hello,

what kind of antivirus filter are you using on linux mail servers?

I appreciate solution names and a few words on why you're using it.

Thanks,
Mircea



RE: mail antivirus

by Tom Walsh-3

ClamAV. http://www.clamav.net/

Open Source. Virus definitions automatically updated with new definitions
via freshclam. New strains added very quickly. Client / Server model.

We use a shell script to make clamscan work with maildrop xfilter and it
works very well.

No complaints other than some issues with the code base evolving a little too
quickly which can make it difficult to keep up to date (some newer virus
definitions will not work with an older version of clamscan so you need to
check the logs of freshclam occasionally for "WARNING: Your ClamAV
installation is OUTDATED!" and update when needed).

Recently purchased by SourceFire (makers of Snort), so I figure that at some
point there is going to be a fork in the signatures they provide to a
similar structure as the Snort Rules (two or three tiers with paying
customers getting access to the newest rules instantly). I should note that
this is only conjecture on my part, but is something to keep an eye on.

Hope that helps.



-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of mircea
Sent: Wednesday, August 22, 2007 11:54 AM
To: focus-linux@...
Subject: mail antivirus

Hello,

what kind of antivirus filter are you using on linux mail servers?

I appreciate solution names and a few words on why you're using it.

Thanks,
Mircea
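
The freshclam log check Tom Walsh describes can be scripted; this is an added example, not part of the original thread. It reads only the most recent update run, and the sample log lines, version numbers and log path are constructed assumptions.

```shell
#!/bin/sh
# Status of the most recent freshclam run in a log file. Earlier runs are
# ignored, so a warning logged before an engine upgrade stops alerting.
# Returns 0 = no engine warning, 1 = engine outdated, 2 = cannot tell.
check_freshclam_outdated() {
    log=$1
    [ -r "$log" ] || { echo "UNKNOWN: cannot read $log"; return 2; }
    awk '
        # Each run begins with this line; reset state so only the last run counts.
        /ClamAV update process started/ { runs++; outdated = 0; versions = "" }
        /WARNING: Your ClamAV installation is OUTDATED!/ { outdated = 1 }
        # Keep the "Local version: X Recommended version: Y" detail, minus timestamp.
        /WARNING: Local version:/ { sub(/^.*WARNING: /, ""); versions = $0 }
        END {
            if (runs == 0) { print "UNKNOWN: no freshclam run found"; exit 2 }
            if (outdated)  { print "OUTDATED: " versions; exit 1 }
            print "OK: last freshclam run logged no engine warning"
        }
    ' "$log"
}

# Constructed sample log (all values invented for illustration): one run that
# logs the warning, then a later run after the engine was upgraded.
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Aug 20 03:00:01 2007 -> ClamAV update process started at Mon Aug 20 03:00:01 2007
Mon Aug 20 03:00:01 2007 -> WARNING: Your ClamAV installation is OUTDATED!
Mon Aug 20 03:00:01 2007 -> WARNING: Local version: 0.90.3 Recommended version: 0.91.2
Mon Aug 20 03:00:02 2007 -> daily.cvd updated (version: 4011, sigs: 12000, f-level: 20, builder: example)
Wed Aug 22 03:00:01 2007 -> ClamAV update process started at Wed Aug 22 03:00:01 2007
Wed Aug 22 03:00:02 2007 -> daily.cvd is up to date (version: 4030, sigs: 12500, f-level: 20, builder: example)
EOF
}

# Check a real log when a path is given, e.g. from cron:
#   sh check_freshclam.sh /var/log/clamav/freshclam.log   (path is an assumption)
if [ -n "${1:-}" ]; then check_freshclam_outdated "$1"; fi
```

The non-zero exit codes let cron or a monitoring agent raise the alert instead of relying on someone reading the log.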



Re: mail antivirus

by Hugo Francisco González Robledo

Hi, I'm using clamav with postfix... it's pretty cool.

Mmm, and spamassassin and postgrey.

All of this could be integrated with amavisd-new.


I'm using Debian, so only apt-get install works for me.

Some information at :

http://www.debian-administration.org/articles/259

http://www.postfix.org/docs.html


regards,

On Wed, Aug 22, 2007 at 07:54:28PM +0300, mircea wrote:
> Hello,
>
> what kind of antivirus filter are you using on linux mail servers?
>
> I appreciate solution names and a few words on why you're using it.
>
> Thanks,
> Mircea
>

--
Hugo Francisco González Robledo, MC, SCSA, LPI-1
Instituto Tecnológico de San Luis Potosí

Public key at http://www.honeynet.org.mx

-------------------------------------------
Education is what remains after one has forgotten
what one has learned in school.
                Albert Einstein
-------------------------------------------

Re: mail antivirus

by Stephen Summerfield

Mircea,

1) DSPAM - very effective, it learns what is spam and what is not and
continues to learn so it adapts to different styles of spam. Learning
is very fast and false positives are virtually nil (in fact I can't
remember the last time I had one - I'm talking many months, if not
years). I have arranged for spam to be automatically moved to a
separate 'Junk' folder on an IMAP server based on DSPAM's
classification using a simple sieve script. However I still monitor
the junk folder just in case, but it's hardly worth it and I could
probably simply delete these mails.

2) SQLGrey - (not actually a SPAM filter, I use it in front of and in
conjunction with DSPAM). Highly effective and as unobtrusive as a
greylisting solution can be. Occasionally annoying having to wait a
few minutes for emails from a new source (e.g. site registration
emails), but the number of spams that simply get dropped makes it
very worthwhile.

I now get approximately 15 spam emails a day (as opposed to 200 a
day) and these are mostly to postmaster, hostmaster, webmaster, etc.
RFC addresses to my domains. Only the occasional spam is to my real
email address and this address I have used for over 10 years and
posted to usenet, mailing lists and used for pretty much everything
(i.e. I've not been overly careful with it).

Hope that helps,

Steve

On 22 Aug 2007, at 17:54, mircea wrote:

> Hello,
>
> what kind of antivirus filter are you using on linux mail servers?
>
> I appreciate solution names and a few words on why you're using it.
>
> Thanks,
> Mircea
>

RE: mail antivirus

by Tony UcedaVelez-2

I've used Clam A/V and it's been pretty stable and effective.  I believe its
signatures have exceeded the ability to protect against 100,000 different kinds of
Trojans, viruses, worms, etc.  It's one of the more well-known A/V solutions
for *NIX-based platforms. Very scalable for small-scale organizations as
well as those medium organizations that have fewer than 1,000 users.  I've
also never had it give me problems with any type of mail formats or file
attachments.

Hope this helps.

Tony UcedaVélez, CISM, CISA, GIAC
Managing Partner
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv@...
(web)   www.versprite.com
-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of mircea
Sent: Wednesday, August 22, 2007 12:54 PM
To: focus-linux@...
Subject: mail antivirus

Hello,

what kind of antivirus filter are you using on linux mail servers?

I appreciate solution names and a few words on why you're using it.

Thanks,
Mircea




Re: mail antivirus

by Kosala Atapattu-2

This depends on your mail server, but Clam-AV with amavis seems very good.

http://www.clamav.net/2007/08/09/untangle-tests-antivirus-tools-in-linuxworld-fight-club//

Amavis seems to support a lot more AV programs than I knew before, and
it seems you can use any antivirus engine if you know how to get the
job done (write a few regexes to interpret the output).

I have tested it with f-prot and trendmicro, but I suppose the answer
should be any antivirus solution (as long as there is a file scanner).

Kosala

On 8/22/07, mircea <mircea@...> wrote:

> Hello,
>
> what kind of antivirus filter are you using on linux mail servers?
>
> I appreciate solution names and a few words on why you're using it.
>
> Thanks,
> Mircea
>
>
>


--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and
they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net

Re: mail antivirus

by Oscar Bossans

Stephen

Can you give me a link to read more? I have serious problems with spam, and
spamassassin is not enough, at least for me.

PS: I use ClamAV and it works perfectly; it filtered all viruses.
PS2: sorry for my English

Regards,
Oscar Bossans L.
IT Dept., Bramell Ltda.
Phone: 051-247976 Ext. 15
Coquimbo

----- Original Message -----
From: "Stephen Summerfield" <stephen@...>
To: "mircea" <mircea@...>
Cc: <focus-linux@...>
Sent: Thursday, August 23, 2007 3:52 PM
Subject: Re: mail antivirus


> Mircea,
>
> 1) DSPAM - very effective, it learns what is spam and what is not and
> continues to learn so it adapts to different styles of spam. Learning  is
> very fast and false positives are virtually nil (in fact I can't  remember
> the last time I had one - I'm talking many months, if not  years). I have
> arranged for spam to be automatically moved to a  separate 'Junk'  folder
> on an IMAP server based on DSPAM's  classification using a simple sieve
> script. However I still monitor  the junk folder just in case, but it's
> hardly worth it and I could  probably simply delete these mails.
>
> 2) SQLGrey - (not actually a SPAM filter, I use it in front of and in
> conjunction with DSPAM). Highly effective and as unobtrusive as a
> greylisting solution can be. Occasionally annoying having to wait a  few
> minutes for emails from a new source (eg site registration  emails), but
> the number of spams that simply get dropped, makes it  very worthwhile.
>
> I now get approximately 15  spam emails a day (as opposed to 200 a  day)
> and these are mostly to postmaster, hostmaster, webmaster, etc  RFC
> addresses to my domains. Only the occasional spam is to my real  email
> address and this address I have used for over 10 years and  posted to
> usenet, mailing lists and used for pretty much everything  (i.e. I've not
> been overly careful with it).
>
> Hope that helps,
>
> Steve
>



Re: mail antivirus

by Andreas Maus-4

On Wed, Aug 22, 2007 at 07:54:28PM +0300, mircea wrote:
> Hello,
Hi.

> what kind of antivirus filter are you using on linux mail servers?
Well it depends ;)

It will also depend on your hardware, corporate rules (if any),
your mail traffic, etc ...

> I appreciate solution names and a few words on why you're using it.
For my personal servers I use clamav (because it is open source and free)
with:

a) postfix + greylisting + amavisd-new with spamassassin+clamav
b) qmail with qpsmtpd (http://smtpd.develooper.com/) as the qmail smtpd replacement
and qsheff (http://www.enderunix.org/qsheff/) which scans using clamav
and rejects viruses at the smtp dialogue. qpsmtpd is configured
to stop "early talkers" (clients starting to talk before they
see the mailserver greeting). This catches most viruses because
of their simple SMTP engine.

Greylisting will stop some viruses (simple SMTP engine) and some spam.
(Although there are reports about some - non RFC compliant clients -
missed mails, e.g. http://isc.sans.org/diary.html?storyid=3312)

At work we are using postfix+amavisd-new with sophos (they provide
binaries for non-Linux systems like AIX, HP-UX, Solaris, etc. ...)

Well, as said above it depends on your mail server, mail traffic
and some other things, e.g. how fast the AV vendors update their
signatures.

HTH,

Andreas.

--
Out of the darkness a voice spoke unto me, saying "smile, things could
be worse". So I smiled, and so, things became worse.

RE: mail antivirus

by Ludo Lenière-2

Hi,

The solution depends on what use you're making of the mailserver.
If it's for a home network with only a few users, clamav + amavisd-new is a
good solution. If you want a mail server for a small (or even large)
business unit, have a look at maia mailguard (maiamailguard.com), a complete
virus and spam management system, which combines amavisd-new + SpamAssassin
+ dspam.
http://maiamailguard.com/maia/wiki

Regards,

Ludo Lenière



RE: mail antivirus

by Darrell Hyde

I used F-Secure with postfix / amavis for virus filtering. F-Secure's commercial, but it's not too pricey per-server - worked like a charm too.

> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...] On Behalf Of Oscar Bossans
> Sent: Friday, August 24, 2007 3:16 PM
> To: Stephen Summerfield; mircea
> Cc: focus-linux@...
> Subject: Re: mail antivirus
>
> Stephen
>
> Can you give me a link to read more? I have serious problems
> with spam, and spamassassin is not enough, at least for me.
>
> PS: I use ClamAV and it works perfectly; it filtered all viruses.
> PS2: sorry for my English
>
> Regards,
> Oscar Bossans L.
> IT Dept., Bramell Ltda.
> Phone: 051-247976 Ext. 15
> Coquimbo
>

RE: mail antivirus

by Paul Ryland



> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...] On Behalf Of Tom Walsh
> Sent: 23 August 2007 19:09
> To: focus-linux@...
> Subject: RE: mail antivirus
>
> ClamAV. http://www.clamav.net/
>
> Open Source. Virus definitions automatically updated with new
> definitions via freshclam. New strains added very quickly.
> Client / Server model.
>
> We use a shell script to make clamscan work with maildrop
> xfilter and it works very well.
>
> No complaints other than some issues with the code base
> evolving a little too quickly which can make it difficult to
> keep up to date (some newer virus definitions will not work
> with an older version of clamscan so you need to check the
> logs of freshclam occasionally for "WARNING: Your ClamAV
> installation is OUTDATED!" and update when needed).

It is evolving rapidly for a very good reason:

<http://search.securityfocus.com/swsearch?query=clamav&sbm=archive%2F1%2F&submit=Search%21&metaname=alldoc&sort=swishlastmodified>

Yes, that's 7 pages of vulnerabilities over the last 3 years.

The ClamAV developers have a very commendable attitude to
fixing security issues, but you do have to keep an eye out
on the Bugtraq list for the weekly issues.  Shame I cannot
say the same about some very popular mailservers.  YMMV.


Paul
