Re: [suse-security] AmaVis or InterScan VirusWall
Arjen de Korte [mailto:arjen@nijntje.xs4all.nl] wrote:
On Tuesday 22 October 2002 20:08, Thomas Lamy wrote:
Personally I use amavisd, with AntiVir from H+B EDV (www.hbedv.de), trophie (http://www.vanja.com/tools/trophie/), an alternative frontend for TrendMicro's libvsapi shared library, and clamav (http://clamav.elektrapro.com/), a free scanner which uses OpenAV's (http://www.openantivirus.org) signatures, but is implemented in C (openav is written in Java). All these in different combinations, and they all work very well. I must say that amavisd is a really outstanding piece of software, and can only recommend using it.
<shamelessplug>
If you only use the H+BEDV scanner (AntiVir), you can also use their 'avmilter' package. It is available for download on their homepage (http://www.hbedv.com).
</shamelessplug>
I must admit this is true, but keeps you from using more than one scanner (on the same machine), which amavisd is capable of (at least after some tweaking). At customers with > 50 viral mails every day I recommend to use at least 2 scanners of different vendors (saved my life once when Trend's download site was busy).
Private, non commercial use is free with a key they send once registered (you'll need a key anyway, even if you use 'amavisd' with AntiVir after the evaluation period). I must admit I have no experience with 'amavisd', but 'avmilter' speeded up scanning significantly compared to 'amavis-perl'.
The speed increase is enormous. I twice got 3000 Mails in one hour because we had an obscure mail loop; amavis (old) kicked the machine to death (flaky motherboard/RAM), on the same machine amavisd did its job properly (with at least 3x throughput).
Arjen
Thomas
On Wednesday 23 October 2002 10:03, Thomas Lamy wrote: [ about amavisd ]
The speed increase is enormous. I twice got 3000 Mails in one hour because we had an obscure mail loop; amavis (old) kicked the machine to death (flaky motherboard/RAM), on the same machine amavisd did its job properly (with at least 3x throughput).
Ah! As I wrote, my only amavis experience comes from the amavis-perl version as bundled in SuSE 8.0 Professional. I admit, the hardware it has to run on is not the most sophisticated available in the market (old Pentium 133 from the junkbox, 64MB). But as I only needed a mailserver for my family, I didn't want to invest in a new server. The change to avmilter sure improved the performance a lot.
I wonder if SuSE 8.1 comes with amavisd, or still with the slooooow amavis-perl version? This might just help me decide it is time for another donation to SuSE and perform an upgrade...
Best regards, Arjen
--
51 N 25' 05.1" - 05 E 29' 13.3"
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B 7A FE 7E C1 EE 88 BC 57
On Wed, 23 Oct 2002, Arjen de Korte wrote:
The speed increase is enormous. I twice got 3000 Mails in one hour because we had an obscure mail loop; amavis (old) kicked the machine to death (flaky motherboard/RAM), on the same machine amavisd did its job properly (with at least 3x throughput).
Ah! As I wrote, my only amavis experience comes from the amavis-perl version as bundled in SuSE 8.0 Professional. I admit, the hardware it has to run on is not the most sophisticated available in the market (old Pentium 133 from the junkbox, 64MB). But as I only needed a mailserver for my family, I didn't
Hum, virus scanning is somewhat CPU/resource consuming :) As said already, using a daemonized virus scanner is a good idea.
want to invest in a new server. The change to avmilter sure improved the performance a lot. I wonder if SuSE 8.1 comes with amavisd, or still with the slooooow amavis-perl version? This might just help me decide it is time for another donation to SuSE and perform an upgrade...
Actually, I planned to ship amavisd for 8.1, but due to time constraints I neither could port some fixes/enhancements I did for 0.3.12pre8 to amavisd-snapshot nor could I do heavy testing. Therefore, the latest amavisd-snapshot version is not shipped.
For all those brave people out there, I've put some (SRC) RPMs at ftp://ftp.suse.com/pub/people/link/amavis/SuSE/8.1/. Note, those are not official SuSE RPMs and you should use them with care!
Patches I did for amavis 0.3.12pre8 can be found at ftp://ftp.suse.com/pub/people/link/amavis/SuSE/patches/. They have to be applied in a certain order, see the INDEX file. Some of them should apply to amavisd-snapshot cleanly, some have to be patched "by hand". (NB: most of those patches have been added to CVS for both the amavis and amavisd branch).
I hope Lars will put out a new amavis/amavisd release soon, but, well, he's busy with other stuff (same for me). The amavis project simply lacks man-power (but I assume that's true for most projects :))
Note: both SuSEconfig.postfix and SuSEconfig.sendmail check via rpm -q amavis-postfix / amavis-sendmail if the correct amavis version is installed. So, for the nifty automatic amavis integration ;), you have to change this to rpm -q amavisd-postfix / amavisd-sendmail - and a similar change would be needed to the yast2-config-mail sources. Urkx, I think you should make these changes very carefully and you should (re-)think twice doing them :) (an update of postfix/sendmail/yast2-mail would revert them, too). Only for the experienced users, I think :)
Please do _NOT_ ask me for building this or that RPM for SuLi x.y. My time is way too limited. I have to put some more efforts into my samba-vscan stuff and my diploma thesis. Thanks for your appreciation.
And, well, amavis(d) will never be as fast as AvMailGate or other products written in C.
best regards, Rainer Link (SuSE Labs)
--
Rainer Link | SuSE Linux AG - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
On Wed, 23 Oct 2002, Rainer Link wrote: [ uups, follow-up to myself :) ]
Patches I did for amavis 0.3.12pre8 can be found at ftp://ftp.suse.com/pub/people/link/amavis/SuSE/patches/. They have to be
Just to avoid misunderstandings: the amavisd-snapshot-20020531-fix.dif is of course included already in the amavisd-sendmail / amavisd-postfix.rpm for 8.1. This fix is needed at least for sendmail, otherwise it wouldn't work at all (and, please, don't ask me why there hasn't already been a newer amavisd-snapshot to address this *sigh*). Thanks.
best regards, Rainer Link (SuSE Labs)
--
Rainer Link | SuSE Linux AG - The Linux Experts
link@suse.de | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)