Re: [suse-security] AmaVis or InterScan VirusWall
Sven Michels [mailto:sven@darkman.de] wrote:
On Tue, Oct 22, 2002 at 12:14:47PM -0500, Manuel Peña wrote:
Hello guys, I have a big doubt: when should I use AmaVis or InterScan VirusWall? What are the differences between both? What is the better?
I would prefer postfix + amavisd because you can use the power of postfix configuration options for filtering mail etc., and after that your mail will be scanned by amavisd before the mail will be dropped to the user's mailbox. amavisd is also known to work with high-volume (5-7 GB mail and more per day) servers.
I know (and use, in different locations) both products.
First of all, these are totally different products. Amavis is "only" a middleware sitting between your mail server and your virus scanning software (amavis is _not_ a virus scanner!). Amavis is free.
TrendMicro's InterScan VirusWall (or short ISVW) (http://www.trendmicro.com/) is an email virus scanner, and also scans HTTP and FTP traffic, too. ISVW licenses are per-user licenses. IIRC 100 Users == 5000 EUR/USD.
ISVW (at least their SMTP-forwarding) is a pain IMHO, as you lose at least the IP of the mail server you receive mail from (it's always localhost). Beside this, it works well for a customer of mine which is a gay portal and gets about 100-150 viral/wormed mails every day.
Personally I use amavisd, with AntiVir from H+B EDV (www.hbedv.de), trophie (http://www.vanja.com/tools/trophie/), an alternative frontend for TrendMicro's libvsapi shared library, and clamav (http://clamav.elektrapro.com/), a free scanner which uses OpenAV's (http://www.openantivirus.org) signatures, but is implemented in C (openav is written in Java). All these in different combinations, and they all work very well. I must say that amavisd is a really outstanding piece of software, and can only recommend using it.
If you don't need HTTP/FTP virus scanning, then go with amavisd + some virus scanner. Which one you choose is up to you; I have no long-term experience about how fast the OpenAV team is when it comes to new virii/worms. The OpenAV home page also has links to (at least) a squid filter which can do http/ftp scanning, and an on access scanner for samba.
Hope that helped you.
Thomas
On Tuesday 22 October 2002 20:08, Thomas Lamy wrote:
Personally I use amavisd, with AntiVir from H+B EDV (www.hbedv.de), trophie (http://www.vanja.com/tools/trophie/), an alternative frontend for TrendMicro's libvsapi shared library, and clamav (http://clamav.elektrapro.com/), a free scanner which uses OpenAV's (http://www.openantivirus.org) signatures, but is implemented in C (openav is written in Java). All these in different combinations, and they all work very well. I must say that amavisd is a really outstanding piece of software, and can only recommend using it.
<shamelessplug> If you only use the H+BEDV scanner (AntiVir), you can also use their 'avmilter' package. It is available for download on their homepage (http://www.hbedv.com). </shamelessplug>
Private, non commercial use is free with a key they send once registered (you'll need a key anyway, even if you use 'amavisd' with AntiVir after the evaluation period).
I must admit I have no experience with 'amavisd', but 'avmilter' speeded up scanning significantly compared to 'amavis-perl'.
Arjen
--
51 N 25' 05.1" - 05 E 29' 13.3"
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57
Personally I use amavisd, with AntiVir from H+B EDV (www.hbedv.de), trophie (http://www.vanja.com/tools/trophie/), an alternative frontend for TrendMicro's libvsapi shared library, and clamav (http://clamav.elektrapro.com/), a free scanner which uses OpenAV's (http://www.openantivirus.org) signatures, but is implemented in C (openav is written in Java). All these in different combinations, and they all work very well. I must say that amavisd is a really outstanding piece of software, and can only recommend using it.
<shamelessplug>
If you only use the H+BEDV scanner (AntiVir), you can also use their 'avmilter' package. It is available for download on their homepage (http://www.hbedv.com).
Avmilter is fine, but does not allow certain sites. It goes between sendmail or postfix and does act as smtp. I would not use it, because the features of your original mail transport are bypassed. Another thing is use more than one mailscanner, because the antivir virus scanner does know less viruses than some other products.
Philippe
On Wednesday 23 October 2002 23:25, Philippe Vogel wrote:
Avmilter is fine, but does not allow certain sites. It goes between sendmail or postfix and does act as smtp.
No. That's 'avmailgate'. Although it reports itself as 'avmailgate' when you (re)start the daemon, 'avmilter' scanner runs via the milter interface in sendmail. Therefore sendmail is still my MTA, which is needed because I do not want to lose the RBL features (as you indicated also).
I would not use it, because the features of your original mail transport are bypassed.
They are not...
Another thing is use more than one mailscanner, because the antivir virus scanner does know less viruses than some other products.
Of course it is always better to have some kind of redundancy. But I already have that in the form of e-mail virusscanners running on the Windows PCs in my network. My poor man's server just cannot handle the load multiple scanners would cause...
Arjen
--
51 N 25' 05.1" - 05 E 29' 13.3"
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57
On Tue, 22 Oct 2002, Thomas Lamy wrote: [ cut'ed a nice summary :) ]
Personally I use amavisd, with AntiVir from H+B EDV (www.hbedv.de), trophie (http://www.vanja.com/tools/trophie/), an alternative frontend for TrendMicro's libvsapi shared library, and clamav
I'd just like to point out using an anti-virus daemon like Sophie/Trophie, F-Prot Daemon or Kaspersky Anti-Virus Daemon (just to name a few) speeds up amavis/amavisd a lot. Actually, I planned to ship amavisd on SuLi 8.1, but my time was too limited to fix some issues + add some features to amavis 0.3.12pre8 and amavisd-snapshot. So, I scheduled a daemonized version of amavis for the next SuSE Linux release - whether it will be amavisd, amavis-ng (not yet daemonized) or amavisd-new, I simply can't tell yet. Every "branch" has its pros/cons. Probably I should start a survey ;)
I must say that amavisd is a really outstanding piece of software, and can only recommend using it.
Thank you very much. I'm sure the AMaViS Team really appreciates it :)
best regards,
Rainer Link (SuSE Labs)
--
Rainer Link | SuSE Linux AG - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
First of all, I'd like to thank the Amavis team for their work also. I'm using Amavis-perl and found it easy and straightforward to add my personal additions to the code.
On Wednesday, 23 October 2002 00:50 Rainer Link wrote:
I'd just like to point out using an anti-virus daemon like Sophie/Trophie, F-Prot Daemon or Kaspersky Anti-Virus Daemon (just to name a few) speeds up amavis/amavisd a lot.
That's absolutely true. What I also found very useful is to let Kaspersky do the unpacking of the whole email. So for those scanners which can de-mangle the email MIME parts by themselves, it's certainly worth considering an option where Amavis delivers the complete message to the scanning program resp. daemon.
Greetings
--
Michael Zimmermann (http://vegaa.de)
On Tue, 22 Oct 2002, Thomas Lamy wrote: [cut]
First of all, these are totally different products. Amavis is "only" a middleware sitting between your mail server and your virus scanning software (amavis is _not_ a virus scanner!). Amavis is free.
TrendMicro's InterScan VirusWall (or short ISVW) (http://www.trendmicro.com/) is an email virus scanner, and also scans HTTP and FTP traffic, too. ISVW licenses are per-user licenses. IIRC 100 Users == 5000 EUR/USD.
ISVW (at least their SMTP-forwarding) is a pain IMHO, as you lose at least the IP of the mail server you receive mail from (it's always localhost). Beside this, it works well for a customer of mine which is a gay portal and gets about 100-150 viral/wormed mails every day.
ISVW can be configured and used in several ways.
1.) as the primary listener for mail which then forwards mail to your sendmail/postfix/whatever...
2.) as a plugin to sendmail
3.) in a "sandwich" way: receive mails with your favourite MTA, forward it to ISVW, use second instance of your favourite MTA to deliver mail....
regards, daniel
I had problems with TrendMicro's InterScan VirusWall, configured in a sandwich way. Some files (exe, zip), downloaded via http, were corrupted.
Breno.
On Friday 25 October 2002 04:36, Daniel Wirth wrote:
On Tue, 22 Oct 2002, Thomas Lamy wrote:
[cut]
First of all, these are totally different products. Amavis is "only" a middleware sitting between your mail server and your virus scanning software (amavis is _not_ a virus scanner!). Amavis is free.
TrendMicro's InterScan VirusWall (or short ISVW) (http://www.trendmicro.com/) is an email virus scanner, and also scans HTTP and FTP traffic, too. ISVW licenses are per-user licenses. IIRC 100 Users == 5000 EUR/USD.
ISVW (at least their SMTP-forwarding) is a pain IMHO, as you lose at least the IP of the mail server you receive mail from (it's always localhost). Beside this, it works well for a customer of mine which is a gay portal and gets about 100-150 viral/wormed mails every day.
ISVW can be configured and used in several ways.
1.) as the primary listener for mail which then forwards mail to your sendmail/postfix/whatever...
2.) as a plugin to sendmail
3.) in a "sandwich" way: receive mails with your favourite MTA, forward it to ISVW, use second instance of your favourite MTA to deliver mail....
regards, daniel
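Editor's added example, not part of any post in this thread: in the "sandwich" layout the delivering MTA sees every message arrive from localhost, but the front MTA's own Received header still records the real client, so the address can be recovered for logging or RBL lookups. It assumes Postfix-style Received headers; `mx.example.net`, the addresses and the sample message are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: mail relayed MTA -> scanner -> MTA on one host (the
# "sandwich" layout). Hostnames and addresses are placeholders.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.net (Postfix) with ESMTP id B2; Tue, 22 Oct 2002 20:08:03 +0200
Received: from localhost (localhost [127.0.0.1])
\tby mx.example.net (scanner) with SMTP id B1; Tue, 22 Oct 2002 20:08:02 +0200
Received: from mail.sender.example (mail.sender.example [192.0.2.25])
\tby mx.example.net (Postfix) with ESMTP id A9; Tue, 22 Oct 2002 20:08:01 +0200
Received: from forged (forged [203.0.113.9])
\tby mx.example.net (Postfix) with ESMTP id 00; Tue, 22 Oct 2002 20:00:00 +0200
From: a@sender.example
To: user@example.net
Subject: constructed test message

body
"""

FROM_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")

def external_client_ip(raw_message, our_hosts):
    """Return the first non-loopback peer recorded by one of our own MTAs.

    Headers are read newest-first. Anything below the first header that we
    did not write ourselves is sender-controlled, so the walk stops there.
    """
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):
        by = BY_HOST.search(hdr)
        if not by or by.group(1).lower() not in our_hosts:
            return None  # not stamped by us: untrusted, give up
        peer = FROM_IP.search(hdr[:by.start()])
        if not peer:
            continue  # local submission without a bracketed address
        try:
            ip = ipaddress.ip_address(peer.group(1))
        except ValueError:
            return None  # malformed address literal
        if ip.is_loopback:
            continue  # internal hop between MTA and scanner
        return str(ip)
    return None
```

The header claiming `203.0.113.9` sits below the genuine front-MTA header, so it is never consulted even though it names the local host in its `by` clause.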
participants (7)
- Arjen de Korte
- Breno S. Soares
- Daniel Wirth
- Michael Zimmermann
- Philippe Vogel
- Rainer Link
- Thomas Lamy