Re: Comparison of antivirals for postfix on Debian
On Mon, 15 Sep 2003 14:26:09 +0100 Chris Evans [EMAIL PROTECTED] wrote: I haven't seen this recently, sorry if I've looked through it. I run a small, opt-in, Email list server for charities on Debian stable with postfix and spamassassin. I was using RAV-postfix but since M$ have bought them out and my subscription is running out, I have to replace RAV. I'm looking at Kaspersky and Vexira at present but trying to find comparative experiences from people who know what they're talking about. Any views anyone? I'll summarise private responses to the list anonymously or credited unless asked not to summarise at all. I've got Vexira running on a fairly small (150 mailboxes/500 messages per day) email server running Exim-Mysql and SA. Vexira works well with just about any MTA, auto updates are on by default (every hour IIRC). It caught nearly 3500 instances of Sobig the last two weeks. So I consider that a big win. Pretty cheap (~$250 US for 3 domains). I've basically been able to forget about it. The (IMHO) BIG drawback, is that the installation instructions tell you to let Vexira listen on port 25, and your MTA listen on some other port. Then after Vexira scans the email, it forwards it on to the MTA. This is a problem if you want to offer any kind of SMTP authentication. There may be a way to integrate it with amavis or similar, but I didn't delve that deep. BTW, be sure to turn OFF those email virus notifications ;-) -- Dustin Douglas -- Free The Lapland Six!!! http://www.freethelaplandsix.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Comparison of antivirals for postfix on Debian
On Mon, Sep 15, 2003 at 08:36:21AM -0500, Dustin Douglas wrote: On Mon, 15 Sep 2003 14:26:09 +0100 Chris Evans [EMAIL PROTECTED] wrote: I haven't seen this recently, sorry if I've looked through it. I run a small, opt-in, Email list server for charities on Debian stable with postfix and spamassassin. I was using RAV-postfix but since M$ have bought them out and my subscription is running out, I have to replace RAV. I'm looking at Kaspersky and Vexira at present but trying to find comparative experiences from people who know what they're talking about. Any views anyone? I'll summarise private responses to the list anonymously or credited unless asked not to summarise at all. I've got Vexira running on a fairly small (150 mailboxes/500 messages [...] The (IMHO) BIG drawback, is that the installation instructions tell you to let Vexira listen on port 25, and your MTA listen on some other port. Then after Vexira scans the email, it forwards it on to the MTA. You can install Vexira mailarmor as a content filter within postfix. -- Demian Wandelow LogicLinux http://www.logiclinux.com GL d? s++:- a-- C UL$ P+++ L+++ E- W+ N+++ o K- w-- O- M- V- PS+ PE Y+ PGP+ t+ 5-- X+ R+ tv+ b+++ DI+ D G++ e h r++ y+ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Comparison of antivirals for postfix on Debian
Hi, You can install Vexira mailarmor as a content filter within postfix. Works like a charm for me. Haven't heard of a single slip-thru yet. I've also read nice things about Messagewall (http://www.messagewall.org/) but haven't given it a spun yet. Anybody? Bye... Nico -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Comparison of antivirals for postfix on Debian
On Monday 15 September 2003 15:26, Chris Evans wrote: [look at the subject...] I recently started using clamav, mainly because it's free. Can't say anything about effectivity and performance yet. But I also don't expect to catch many viruses in email since we're running mime_header_checks: === #/name\=\.*\.(com|exe|bat|cmd|pif|sh)\$/ REJECT /^Content-(Disposition|Type).*name\s*=\s*?(.*\.( ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|eml|exe|hlp|hta| inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws| ops|pcd|pif|prf|reg|scf|scr|sct|shb|shs|shm|swf|url| vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh))\?\s*$/REJECT Attachment name $2 may not end with .$3 (activated by mime_header_checks = regexp:/etc/postfix/mime_header_checks in main.cf, of course) anyway, so all of the recent trojans have been caught before they came to the virus scanner. Word/Excel macro viruses seem to have declined, but for these you'll still need a virus scanner. cheers -- vbi -- signature virus v1.0 - please use me in your own mail. pgp0.pgp Description: signature
