On Thu, Mar 01, 2007 at 09:38:13AM +1100, Daniel Kasak wrote: > > I've been asked to integrate dspam into an existing setup with an > Exchange server and add a commercial antivirus scanner ( they're > not so hot on the idea of ClamAV ). Is it possible to integrate > other antivirus software? I've seen a handful of references to > TrendMicro integration, but no examples.
What level of integration are you looking for? Most commercial scanners will have their own management interface, so you can just make it another hop in your mail system. Virus scanners should have a very low false positive rate, so you probably don't need per-user quarantines for viruses. In other words, configure the commercial AV scanner to accept mail via SMTP and relay it to another SMTP server (e.g. Exchange or your dspam server). They can be on the same physical machine if need be (just use different ports). For example, my setup looks like this: Server 1: internet -> postfix -> clamsmtp -> postfix Server 2: -> trend interscan Server 3: -> postfix -> dspam Server 4: -> exchange SMTP is generally the easiest way to integrate with other mail processing products. Whatever you do, I'd suggest doing the virus scanning before dspam, as the statistical analysis is pretty heavy and it's good to get the low-hanging fruit as early as possible. For anyone interested, in the last month our Interscan box has detected 52 viruses, mostly WORM_MYDOOM and WORM_MYTOB. clamsmtpd has detected 48 "viruses", but they're actually all spam or phishing from the MSRBL database. So I think you're definitely correct in not wanting to rely on clamav. Of course, it appears our other UCE controls are the most effective way to prevent email viruses; I suspect greylisting is the single most effective thing we do.
