Virus Scanning, SMTP

Is there a de facto standard for email virus scanning with Linux? It
doesn't matter if it's a free solution or not (free is better of course!),
but I was wondering what other system administrators actually use out there
for filtering viruses from their corporate email.


Michael

"Michael" <michaeln@twentyten.org> writes:

> Is there a de facto standard for email virus scanning with Linux? It
> doesn't matter if it's a free solution or not (free is better of
> course!), but I was wondering what other system administrators actually
> use out there for filtering viruses from their corporate email.

Some blocks in exim ACLs for executable attachments, outright; clamav for
the rest, here.

~Tim
--
April comes to the new grass |piglet@stirfried.vegetable.org.uk
On the hills of gold |http://pig.sty.nu/

Michael wrote:

> Is there a de facto standard for email virus scanning with Linux? It
> doesn't matter if it's a free solution or not (free is better of course!),
> but I was wondering what other system administrators actually use out
> there for filtering viruses from their corporate email.

I'm using a dedicated server running Debian Woody, with postfix as the mail
server, and running amavisd-new, spamassassin, clamav, and freshclam from
backports.org.

Configuration is a matter of editing a few files, and it all goes; clam and
spamassassin both get run by amavis, so editing the amavis config file is
the biggest thing.

We're running it on a Compaq Proliant DL380, and it's handling ~25,000 email
messages per day with no noticeable strain. The one bit of customization
we did beyond the necessary stuff explained in the READMEs for the packages
is to set it to delete the stored spam and viruses after seven days, so we
wouldn't run out of disk space.

--
ZZzz |\ _,,,---,,_ Travis S. Casey <efindel@earthlink.net>
/,`.-'`' -. ;-;;,_ No one agrees with me. Not even me.
|,4- ) )-,_..;\ ( `'-'
'---''(_/--' `-'\_)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On torsdag 29. juli 2004, 21:00 Michael tried to express an opinion:

> but I was wondering what other system administrators actually use out there
> for filtering viruses from their corporate email.

Not a corporation (private server), but..
I use a filter that Delete executeable (MS)-attachments.
I've modified it so it also deletes the html part of the email.

http://advosys.ca/papers/postfix-filtering.html



- --
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBCcqBT1rWTfpocyQRAoLpAKD1/fZsT4JZ4BqMAigJMMmT4Cm+egCfQswR
NLIg4kUgCak15D2DfT2R5Ic=
=jWW0
-----END PGP SIGNATURE-----

Hi,

I do this using:

sendmail - mimedefang (uses sendmail milter API) - clamav

http://www.mimedefang.org/
http://www.clamav.net/

I think it was a good choice, it is quite stable, flexible, really a
good solution...

Greg

Michael wrote:
> Is there a de facto standard for email virus scanning with Linux? It
> doesn't matter if it's a free solution or not (free is better of course!),
> but I was wondering what other system administrators actually use out there
> for filtering viruses from their corporate email.
>
>
> Michael
>

I am a qmail fan.
At first I use rbls to block all known-exploited(able) ipaddress
Then thanks to qmail-qfilter I block all executable attachement.
I also block a *lot* of spam from antivirus vendors claiming "your
computer sent a virus" etc ( actually these emails are nastier than virii )
Then I use clamav ( I run clamd under supervise and wrote a small script
to run clamdscan under qmail-qfilter )
At last I run spamc ( from spamassassin ) from qmail-qfilter

Note than thanks to the qmail-qfilter mechanism there is _ no bounce
email _ generated by my server. Only a 553 or 554 smtp response sent to
the spammer / virus robot..

Be very careful to not setup a solution which will spam the internet
with non-sense email ( "the email you sent to xxxx contained the Netsky
virus.. " )!!

Michael spilled the following:

> Is there a de facto standard for email virus scanning with Linux?

no

C.