>I'm looking for an Anti-Virus solution for my client, and was a little
>surprised that Ipswitch didn't have a reccomended list. My client is
>running iMail 6.02 on Windows 2000 Advanced Server. Norton AntiVirus 2001
>is installed on the machine to protect the OS, but what I'm looking for is a
>solution for scanning the emails in real time - to protect the recipients
>before they recieve their mail. Any suggestions?
Forest,
I got the anti-virus version IMGate running this week on an old
testbed machine, just a P75 with 32 megs RAM. It scans SMTP mail
before delivery to the mailbox server.
Here's your msg's headers showing the X-virus-scanned header:
From: "Forest C. Wood, Sr." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Sat, 16 Dec 2000 11:28:35 -0500
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Disposition-Notification-To: "Forest C. Wood, Sr." <[EMAIL PROTECTED]>
Subject: [IMail Forum] Anti-Virus Reccomendations
Precedence: bulk
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-Virus-Scanned: by AMaViS PERL-10 on VirusGate.MEIway.com
X-RCPT-TO: <[EMAIL PROTECTED]>
The anti-virus scanner softare costs $560/year (I don't sell it, yet,
see www.KasperskyLab.ru) for unlimited domains and mailboxes. Compare
with $30K for the Trend Micro "unlimited ISP version" or the $1 per
mailbox-month from Sophos. The IMGate stuff is "free", as always.
I've got PERL script that runs every morning and pulls daily.zip from
the Kasperksy ftp site, unzips it to the virus database directory,
and stops/starts the Kaspersky scanning daemon to read in the new files.
I should have a more powerful machine (MHz and RAM) next week to go
into full production with the AV box. One user in Italy scans 40K
msgs/day with an IMGate-AV type of setup, and catches 100's of viruses daily.
Our set up here is:
1. 2 IMGate boxes as MX's doing incoming defense and all outgoing
deliveries. Per-domain (AV scanning is a payable option chez nous),
the MX's route the incoming mail 2. or 3 or 4. They also do global
RegEx header and body filtering, rejecting a decent amt of crap right
there, as Andrew Kaplan reported here yesterday.
2. IMGate-AV box. routes to 3 or 4.
3. Imail. it sends its outgoing to 1, for now.
4. Listar MLM (incoming to listar also goes through IMgate-AV). Does
its own outgoing, capable of about 20K deliveries/hour.
The AV box, when it quarantines a msg to the "infected" directory,
sends an Virus Alert msg to the sender, to the recipient, and to our
admin address.
IMGate-AV is more of a pain to set up in the general case than just
IMGate, because it's doing a lot more complex stuff, plus you need
umpteen un/archivers and MIME handlers to be able to handle as many
msg formats as possible, but I think I can simplify it greatly.
Plus AV scanning is a lot more compute-intensive that just slinging
SMTP traffic in/out. So all those IMGate operators who are now
loafing by with those old P75's and 32 megs of RAM will need to think
a lot bigger for their dedicated AV scanner boxes. I figure a
Celeron in the 700 - 800 MHz range with 256 megs RAM would be capable
of many 10's of 1000's of msgs / day with an avg msg size of 20
kbytes. Still well under $1K for the box. But the hardware isn't the
expense/saving, it's avoiding the multi K$ purchase price for the
"name brand" unlimited AV SMTP software pls $K / year for the virus
update subscriptions.
Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 T9B for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
