[opensuse] Virus-scanner recommendation
Hi,

I'm running a Postfix mails-server that serves mainly Windows-clients, so a virus-scanner is needed. Up until recently I was running clamav and Norman. Unfortunately, Norman started misbehaving (needing huge amounts of disk-io, slowing down the server) and I had to disable it.

So I'm looking for some other virus-scanner besides clamav. Can anyone recommend a virus-scanner that runs under Linux with amavis ? I looked at some scanners, but they are Windows-only. I still need to look at the "big" ones (kaspersky, symantec) though.

Regards,
Koenraad Lelong
On Mon, 2013-03-25 at 17:27 +0100, Koenraad Lelong wrote:
Hi,
I'm running a Postfix mails-server that serves mainly Windows-clients, so a virus-scanner is needed. Up until recently I was running clamav and Norman. Unfortunately, Norman started misbehaving (needing huge amounts of disk-io, slowing down the server) and I had to disable it.
So I'm looking for some other virus-scanner besides clamav. Can anyone recommend a virus-scanner that runs under Linux with amavis ? I looked at some scanners, but they are Windows-only. I still need to look at the "big" ones (kaspersky, symantec) though.
Regards,
Koenraad Lelong
Hi, you might try avira to see if it is suitable for your needs. You can try the free version, but I think for your business needs you might have to buy the commercial version. It is available for unix from this website:

http://www.avira.com/en/download/product/avira-free-antivirus

It used to be packaged for openSUSE, but I can't find it through YaST for 12.3. It may yet be available for earlier versions, I don't know.
-----Original Message-----
From: Mark Misulich
Hi,
I'm running a Postfix mails-server that serves mainly Windows-clients, so a virus-scanner is needed. Up until recently I was running clamav and Norman. Unfortunately, Norman started misbehaving (needing huge amounts of disk-io, slowing down the server) and I had to disable it.
So I'm looking for some other virus-scanner besides clamav. Can anyone recommend a virus-scanner that runs under Linux with amavis ? I looked at some scanners, but they are Windows-only. I still need to look at the "big" ones (kaspersky, symantec) though.
Regards,
Koenraad Lelong
Hi, you might try avira to see if it is suitable for your needs. You can try the free version, but I think for your business needs you might have to buy the commercial version. It is available for unix from this website: http://www.avira.com/en/download/product/avira-free-antivirus It used to be packaged for openSUSE, but I can't find it through YaST for 12.3. It may yet be available for earlier versions, I don't know.

A colleague of mine has been testing AV, and found out that NONE had a successful hit rate. clamav only found about 60%, AVG was better, about 75%. But the combination clamav + avg, in tandem, scored above 95%.

hw
Have you looked at 'Sanitization'?

When you look at how malware is delivered -- if you subtract phishing -- then it is going to be as an attachment, not as plain text. HTML mail comes as a MIME attachment ...

Tools exist that can sequester the attachments. If this is HTML mail then the message should have a plain-text part. If the attachments are, for example, documents, then the user can be told where they can be obtained if they are deemed legitimate.

Yes, users will need to be educated in how this is different from traditional AV; yes, users will have to be made more security conscious so that they don't just retrieve the sequestered part as a matter of course.

However there are also tools that can process as well as strip, ones that can test and 'de-fang' the attachments separately, yet not impede the delivery of the basic message.

This may seem obtuse to people used to 'traditional' AV, but I've worked at clients where it has been implemented and is accepted by the end users as the 'normal' way of things. It's part of the culture there.

Then again, I've seen clients where they use MS-Word as an email composer and the god-damn-awful HTML that it produces and 'defend to the death' their "right" to produce bloated messages in fancy fonts and more colours than in your child's box of crayons, regardless of the extra space it consumes, and insist that this adds business value that plain-text cannot deliver. Go Figure.

Of course you can always use some smarts. I do. I have a pre-filtered 'white list' and 'black list' for known correspondents. Everything else gets filtered.

--
It is the test of a good religion whether you can joke about it. - G. K. Chesterton
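The sequestering idea in the message above, as an added example that is not part of the original post and is not the code of any tool mentioned in the thread: the plain-text part is delivered, every other MIME part is held under a SHA-256 reference, and the recipient is told what was held. The names `sequester`, `quarantine` and `constructed_sample`, the notice wording and the example.org/example.com addresses are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

KEEP_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

def sequester(raw: bytes, quarantine: dict) -> EmailMessage:
    """Deliver only the plain-text body; hold every other MIME leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    held = []
    for part in msg.walk():
        if part.is_multipart() or part is body:
            continue  # containers carry no content; the plain body is kept
        data = part.get_payload(decode=True) or b""
        ref = hashlib.sha256(data).hexdigest()
        ctype = part.get_content_type()
        name = part.get_filename() or f"(unnamed {ctype})"
        quarantine[ref] = (name, ctype, data)  # hypothetical store: a dict
        held.append((name, ctype, ref))
    out = EmailMessage()
    for header in KEEP_HEADERS:
        if msg[header] is not None:
            out[header] = str(msg[header])
    text = body.get_content() if body is not None else "(no plain-text part)\n"
    if held:
        text += "\n-- \nParts held at the mail gateway; ask the postmaster to release:\n"
        for name, ctype, ref in held:
            text += f"  {name} [{ctype}] ref {ref[:16]}\n"
    out.set_content(text)
    return out

def constructed_sample() -> bytes:
    """Constructed test message: plain + HTML alternative + one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.\n")
    m.add_alternative("<p>Please see the attached invoice.</p>", subtype="html")
    m.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                     subtype="zip", filename="invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    held_parts = {}
    print(sequester(constructed_sample(), held_parts))
```

The HTML alternative is held along with the attachment, so a message with no plain-text part arrives as the notice alone.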
On 3/25/2013 9:27 AM, Koenraad Lelong wrote:
Hi,
I'm running a Postfix mails-server that serves mainly Windows-clients, so a virus-scanner is needed. Up until recently I was running clamav and Norman. Unfortunately, Norman started misbehaving (needing huge amounts of disk-io, slowing down the server) and I had to disable it.
So I'm looking for some other virus-scanner besides clamav. Can anyone recommend a virus-scanner that runs under Linux with amavis ? I looked at some scanners, but they are Windows-only. I still need to look at the "big" ones (kaspersky, symantec) though.
Regards,
Koenraad Lelong
Hmmm Koenraad, just curious, why are you wanting something besides clamav? I believe it integrates easily with Postfix, if I remember correctly from way back when I first tried and used Postfix. And here is a link even, that I just found -

https://www.linux.com/learn/tutorials/313660:using-clamav-to-kill-viruses-on...

(I don't use Postfix myself these days, but use Apache James instead, and I do know clamav integrates easily with James as a mailet. In fact Apache James config files come pre-configured to support clamav, so since Apache-James even supports it I figure the Apache folks must consider clamav a pretty good virus scanner.....)

Nor do I have any experience with amavis, but note that Wikipedia reports that clamav integrates with it as well. Appears to be via using Postfix at the MTA, which in turn can integrate with clamav...

If clamav is not up to doing as well as other virus scanners, maybe I should also consider integrating something else into my James server.....

Marc...

--
"The Truth is out there" - Spooky
On 25-03-13 18:57, Marc Chamberlin wrote:
On 3/25/2013 9:27 AM, Koenraad Lelong wrote:
Hmmm Koenraad, just curious, why are you wanting something besides clamav? I believe it integrates easily with Postfix, if I remember correctly from way back when I first tried and used Postfix. And here is a link even, that I just found -
Call me paranoid, but I like having two virus-scanners on my mailserver. Reduces the risk of a virus slipping through. Maybe the reduction is small, but anyway.
https://www.linux.com/learn/tutorials/313660:using-clamav-to-kill-viruses-on...
(I don't use Postfix myself these days, but use Apache James instead, and I do know clamav integrates easily with James as a mailet. In fact Apache James config files come pre-configured to support clamav, so since Apache-James even supports it I figure the Apache folks must consider clamav a pretty good virus scanner.....)
Nor do I have any experience with amavis, but note that Wikipedia reports that clamav integrates with it as well. Appears to be via using Postfix at the MTA, which in turn can integrate with clamav...
If clamav is not up to doing as well as other virus scanners, maybe I should also consider integrating something else into my James server.....
Marc...
I have a whole range of defenses : greylisting, RBL-checking, Bayes. Still, the spammers get through. Fortunately, a lot less than without.

Regards,
Koenraad Lelong.
On Mon, Mar 25, 2013 at 5:11 PM, Koenraad Lelong
On 25-03-13 18:57, Marc Chamberlin wrote:
On 3/25/2013 9:27 AM, Koenraad Lelong wrote:
Hmmm Koenraad, just curious, why are you wanting something besides clamav? I believe it integrates easily with Postfix, if I remember correctly from way back when I first tried and used Postfix. And here is a link even, that I just found -
Call me paranoid, but I like having two virus-scanners on my mailserver. Reduces the risk of a virus slipping through. Maybe the reduction is small, but anyway.
With the poor quality of AV scanners, 2 is not even close to paranoid. To be honest, I don't know what would be.

Greg
On Monday, 2013-03-25 at 10:57 -0700, Marc Chamberlin wrote:
Nor do I have any experience with amavis, but note that Wikipedia reports that clamav integrates with it as well. Appears to be via using Postfix at the MTA, which in turn can integrate with clamav...
Many antivirus integrate automatically with amavis: amavis detects them all, and uses all that are available in the system. I think it is also possible to unload parts to different machines in the local network, to speed it up.

And it is true that a combination of two or more antivirus is necessary to catch most malware.

--
Cheers,
Carlos E. R.
(from 12.1 x86_64 "Asparagus" at Telcontar)
participants (7): Anton Aylward, Carlos E. R., Greg Freemyer, Hans Witvliet, Koenraad Lelong, Marc Chamberlin, Mark Misulich