You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by qqqq <qq...@usermail.com> on 2006/05/01 21:18:39 UTC

Way OT: What do you use for anti-virus (Linux)

I can say that the best, and most affordable, anti-virus package I have ever used was RAV.  Until is
was bought out by Microsoft.  I have since been using ClamAV but it sure uses allot of RAM.

What do you use?

QQQQ

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Mathias Homann <ad...@eregion.de>.

Am Montag, 1. Mai 2006 21:18 schrieb qqqq:
> I can say that the best, and most affordable, anti-virus package I
> have ever used was RAV.  Until is was bought out by Microsoft.  I
> have since been using ClamAV but it sure uses allot of RAM.
>
> What do you use?

clamav.
clamd uses some 2.8% of my ram when idle, which amounts to ... 10 mb.
I don't think thats too much...
bye,
	MH

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 
763C

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Steve Thomas <li...@sthomas.net>.

> Yeah ... the university got a fairly good deal on our per-user costs
> for Sophos.  I doubt I'd buy it for personal use, either.

They don't have a consumer product. They sell exclusively to the
business/government/education sectors.

We use sophos on the desktop and on the mail server, called from exim via
exiscan (now integrated into the official exim distribution, I believe)
and sophie. No complaints here.

If you're only looking for a scanner on the mail server, then Sophos
probably isn't for you, but if you're looking for an overall a/v solution
for your organization, it's a great product, IMHO.

Re: Way OT: What do you use for anti-virus (Linux)

Posted by John Rudd <jr...@ucsc.edu>.

On May 1, 2006, at 13:21, qqqq wrote:

>
> | At work:
> |
> | mailscanner calls both sophos av (via sweep) and spamassassin
> |
> |
> | At home:
> |
> | mimedefang calls both clamav (via clamd) and spamassassin
> |
> |
> | I have less RAM on the home machine than the work machines, and 
> ClamAV
> | seems to do just fine.
>
>
> I recall trying Sophos but after the evaluation period, I saw their 
> prices and I had to run from the
> product.
>

Yeah ... the university got a fairly good deal on our per-user costs 
for Sophos.  I doubt I'd buy it for personal use, either.

Re: Way OT: What do you use for anti-virus (Linux)

Posted by qqqq <qq...@usermail.com>.

| At work:
|
| mailscanner calls both sophos av (via sweep) and spamassassin
|
|
| At home:
|
| mimedefang calls both clamav (via clamd) and spamassassin
|
|
| I have less RAM on the home machine than the work machines, and ClamAV
| seems to do just fine.


I recall trying Sophos but after the evaluation period, I saw their prices and I had to run from the
product.

QQQQ

Re: Way OT: What do you use for anti-virus (Linux)

Posted by John Rudd <jr...@ucsc.edu>.

I haven't been happy with CGP's anti-virus/anti-spam options 
(specifically a lack of ability to do "during the SMTP transaction" 
processing), so I tend to use a gateway approach.

1) On my production CGP machines, there is a group of sendmail boxes 
that sit in front of them handling all non-SMTP-AUTH traffic.  These 
currently run mailscanner, but will shortly move to mimedefang (most 
likely).  I will be setting up a rule in the near future that tells the 
CGP machines to send all messages which haven't been through the 
sendmail machines to the sendmail machines.

2) On one of my development boxes, CGP doesn't answer on port 25.  It 
answers only to localhost on another port.  Sendmail runs on port 25, 
with mimedefang, and then delivers mail to the CGP port on localhost.

In both cases, SMTP-AUTH traffic currently goes directly to the CGP 
process.  One of the other "near future" goals is to get STMP-AUTH set 
up on the sendmail side, and then all SMTP traffic will go directly to 
the sendmail processes.

Using mimedefang lets me reject viruses and very-high-scoring-spam 
during the SMTP transaction ... so that I don't have to either:

a) violate RFC's by quietly deleting messages, nor
b) hold on to and try to bounce messages that are probably heading back 
to non-existent senders or forged senders.

Instead, my mail servers can just refuse to accept responsibility for 
messages whose content is inappropriate.

On May 1, 2006, at 13:37, Tracey Gates wrote:

> Has anyone used or tried Panda for Linux?  If so, what is your 
> feedback on the product?  We use it only on the client machines but 
> haven't ran it on my email/web server.  To tell the truth, I'm a 
> little scared to install it with running CommuniGate Pro, CGPSA, 
> Spamassassin without having a test server to see the effects in case 
> it screws something up.
>  
>
> Tracey Gates
> Lead Developer
> tgates@yoursummit.com
>
>
> -----Original Message-----
> From: Ricardo Oliveira [mailto:ricardo.m.oliveira@gmail.com]
> Sent: Monday, May 01, 2006 3:30 PM
> To: users@spamassassin.apache.org
> Subject: Re: Way OT: What do you use for anti-virus (Linux)
>
>> John,
>>
>> I use sophos too, but I though I'd drop the note on a 
>> memory-and-performance-saver: Sophie is a deamon which received the 
>> messages, processos them and returns the result "infected" or "not 
>> infected" instead of forking a new sweep process for every incoming 
>> email.
>>
>> This resulted in WAY lower memory and CPU usage in my email servers.
>> Regards,
>> Ricardo Oliveira

RE: Way OT: What do you use for anti-virus (Linux)

Posted by Tracey Gates <tg...@yoursummit.com>.

Has anyone used or tried Panda for Linux?  If so, what is your feedback
on the product?  We use it only on the client machines but haven't ran
it on my email/web server.  To tell the truth, I'm a little scared to
install it with running CommuniGate Pro, CGPSA, Spamassassin without
having a test server to see the effects in case it screws something up.
 

Tracey Gates
Lead Developer
 <ma...@yoursummit.com> tgates@yoursummit.com 

-----Original Message-----
From: Ricardo Oliveira [mailto:ricardo.m.oliveira@gmail.com] 
Sent: Monday, May 01, 2006 3:30 PM
To: users@spamassassin.apache.org
Subject: Re: Way OT: What do you use for anti-virus (Linux)



John,

I use sophos too, but I though I'd drop the note on a
memory-and-performance-saver: Sophie is a deamon which received the
messages, processos them and returns the result "infected" or "not
infected" instead of forking a new sweep process for every incoming
email. 

This resulted in WAY lower memory and CPU usage in my email servers.
Regards,

Ricardo Oliveira

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Ricardo Oliveira <ri...@gmail.com>.

I'm currently using qmail + qmail-scanner.

The messages are sent to the sophie process as they arrive - I allow 150+
connections per second, so instead of forking 150 sweeps per message I just
use one deamon (sophie).
The messages are received by qmail-smtp, are sent to qmail-scanner which
passes them through spamassassin (spamc+spamd) and sohpie.

If you need any help on this setup, contact me off-list, I'd be glad to
help.

Regards,
Ricardo Oliveira

Re: Way OT: What do you use for anti-virus (Linux)

Posted by qqqq <qq...@usermail.com>.

I use MailScanner and Qmail-Scanner depending on the server.

QQQQ
----- Original Message ----- 
From: "John Rudd" <jr...@ucsc.edu>
To: "Ricardo Oliveira" <ri...@gmail.com>
Cc: <us...@spamassassin.apache.org>
Sent: Monday, May 01, 2006 3:33 PM
Subject: Re: Way OT: What do you use for anti-virus (Linux)

| 
| On May 1, 2006, at 13:30, Ricardo Oliveira wrote:
| 
| > John,
| >
| > I use sophos too, but I though I'd drop the note on a 
| > memory-and-performance-saver: Sophie is a deamon which received the 
| > messages, processos them and returns the result "infected" or "not 
| > infected" instead of forking a new sweep process for every incoming 
| > email.
| >
| > This resulted in WAY lower memory and CPU usage in my email servers.
| >
| 
| How are you invoking Sophos?  MailScanner doesn't do its virus scanning 
| "one message at a time", it does them in bulk batches ... and I'm 
| pretty sure it gets a very good performance gain for that.
| 
|

Re: Way OT: What do you use for anti-virus (Linux)

Posted by John Rudd <jr...@ucsc.edu>.

On May 1, 2006, at 13:30, Ricardo Oliveira wrote:

> John,
>
> I use sophos too, but I though I'd drop the note on a 
> memory-and-performance-saver: Sophie is a deamon which received the 
> messages, processos them and returns the result "infected" or "not 
> infected" instead of forking a new sweep process for every incoming 
> email.
>
> This resulted in WAY lower memory and CPU usage in my email servers.
>

How are you invoking Sophos?  MailScanner doesn't do its virus scanning 
"one message at a time", it does them in bulk batches ... and I'm 
pretty sure it gets a very good performance gain for that.

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Ricardo Oliveira <ri...@gmail.com>.

John,

I use sophos too, but I though I'd drop the note on a
memory-and-performance-saver: Sophie is a deamon which received the
messages, processos them and returns the result "infected" or "not infected"
instead of forking a new sweep process for every incoming email.

This resulted in WAY lower memory and CPU usage in my email servers.
Regards,
Ricardo Oliveira

Re: Way OT: What do you use for anti-virus (Linux)

Posted by John Rudd <jr...@ucsc.edu>.

On May 1, 2006, at 12:18 PM, qqqq wrote:

> I can say that the best, and most affordable, anti-virus package I 
> have ever used was RAV.  Until is
> was bought out by Microsoft.  I have since been using ClamAV but it 
> sure uses allot of RAM.
>
> What do you use?
>

At work:

mailscanner calls both sophos av (via sweep) and spamassassin


At home:

mimedefang calls both clamav (via clamd) and spamassassin


I have less RAM on the home machine than the work machines, and ClamAV 
seems to do just fine.

Re: Way OT: What do you use for anti-virus (Linux)

Posted by qqqq <qq...@usermail.com>.

I used to use them.  However, you know the password protected zip file viruses?  My customers were up in arms as these flowed right through.  However, ClamAV caught them with ease.  I dropped them because of this.  Also, the Milter would die from time to time and support didn't really help.

QQQQ
  ----- Original Message ----- 
  From: Alejandro Lengua 
  To: qqqq 
  Cc: users@spamassassin.apache.org 
  Sent: Monday, May 01, 2006 4:47 PM
  Subject: Re: Way OT: What do you use for anti-virus (Linux)

  Check out these guys
  http://www.centralcommand.com/

  their product, Vexira antivirus, has a similar price scheme to the extint RAV

  On 5/1/06, qqqq <qq...@usermail.com> wrote:
    I can say that the best, and most affordable, anti-virus package I have ever used was RAV.  Until is
    was bought out by Microsoft.  I have since been using ClamAV but it sure uses allot of RAM.

    What do you use?

    QQQQ

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Alejandro Lengua <al...@gmail.com>.

Check out these guys
http://www.centralcommand.com/

their product, Vexira antivirus, has a similar price scheme to the extint
RAV

On 5/1/06, qqqq <qq...@usermail.com> wrote:
>
> I can say that the best, and most affordable, anti-virus package I have
> ever used was RAV.  Until is
> was bought out by Microsoft.  I have since been using ClamAV but it sure
> uses allot of RAM.
>
> What do you use?
>
> QQQQ
>
>

Re: Way OT: What do you use for anti-virus (Linux)

Posted by Bill Landry <bi...@pointshare.com>.

----- Original Message ----- 
From: "jdow" <jd...@earthlink.net>

> From: "qqqq" <qq...@usermail.com>
>
>>I can say that the best, and most affordable, anti-virus package I have 
>>ever used was RAV.  Until is
>> was bought out by Microsoft.  I have since been using ClamAV but it sure 
>> uses allot of RAM.
>>
>> What do you use?
>
> ClamAV via the SpamAssassin ClamAV plugin. That is only the second line
> of a defense in depth. I use Earthlink's AV scanner first. Then I use
> ClamAV. Then I use F-Secure on the main PC. So far ClamAV has not caught
> anything but some phishes. But then neither has F-Secure. (ClamAV has
> been 100.0% on the (few) phishes it caught. And maybe they were phishes
> that installed malware when you opened them. I didn't check.)

If you want to catch a boat load of phish, add Steve Basford's phish 
signature file to ClamAV and sit back and watch the action.  You can find 
them at http://www.sanesecurity.com/clamav/.  He updates them regularly, and 
accepts phish submissions and false positive reports.  So far they have been 
working great here for the past 2 months.

Bill

Re: Way OT: What do you use for anti-virus (Linux)

Posted by jdow <jd...@earthlink.net>.

From: "qqqq" <qq...@usermail.com>

>I can say that the best, and most affordable, anti-virus package I have ever used was 
>RAV.  Until is
> was bought out by Microsoft.  I have since been using ClamAV but it sure uses allot of 
> RAM.
>
> What do you use?

ClamAV via the SpamAssassin ClamAV plugin. That is only the second line
of a defense in depth. I use Earthlink's AV scanner first. Then I use
ClamAV. Then I use F-Secure on the main PC. So far ClamAV has not caught
anything but some phishes. But then neither has F-Secure. (ClamAV has
been 100.0% on the (few) phishes it caught. And maybe they were phishes
that installed malware when you opened them. I didn't check.)

{^_^}