Re: Antivirus solution
Thanks for everybodys comments and suggestions. Now I just have to make a decision on which way to jump. Cheers Al
Re: Antivirus solution
On Fri, Jan 30, 2004 at 09:52:51AM -, Allister Gearon wrote: Hi all, can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. Versions are; cyrus - imapd 2.1.12 cyrus - sasl2 2.1.12 fetchmail6.2.1 db4.0.14 postfix2.0.6 Thanks for your help Alllister Gearon I have recently set up MailScanner (www.mailscanner.info). You plug in your favourite spam catcher (SpamAssasin) it can interface to something like 15 antivirus scanners, the one that I have been using is Clam AntiVirus (http://www.clamav.net/), open source seems to have a well updated database (again no subscription). Slotted in nicely with exim, I think that MailScanner has postifx hooks. -- Alain Williams #include std_disclaimer.h FATHERS-4-JUSTICE - Campaigning for equal rights for parents and the best interests of our children. See http://www.fathers-4-justice.org
Re: Antivirus solution
On Fri, 2004-01-30 at 17:52, Allister Gearon wrote: can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. I've had great results with ClamAV. I use it in Milter mode with Sendmail and MimeDefang with SpamAssasin. It works a treat, and there's no glue layer to have to mess about with. -- Craig Ringer
Re: Antivirus solution
Zitat von Allister Gearon [EMAIL PROTECTED]: Hi all, can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. Versions are; cyrus - imapd 2.1.12 cyrus - sasl2 2.1.12 fetchmail6.2.1 db4.0.14 postfix2.0.6 Thanks for your help Alllister Gearon Wrong list ... Virusscan is normaly done at MTA level (postfix in your case). Have a look at http://www.postfix.org/docs.html. If you want to use mailscanner as suggested by some other post be sure to have a look at the postfix mailing-list archieves. There are several drawbacks in using this. Most recommended is Vexira (www.centralcommand.com) but you can search the archives of the postfix mailing list for more info. Regards Andreas
Re: Antivirus solution
Zitat von Allister Gearon [EMAIL PROTECTED]: Thanks for your reply, I assumed that if incoming email was to be scanned the antivirus/spam program would have to catch it after Fetchmail has downloaded the mail from the ISP, or during Cyrus' processing of the mail to local mailboxes (I am using lmtp which uses cyrus's deliver daemon for local delivery). As I understood postfix only comes into the picture when sending mail, either locally or externally. Have I got the wrong end of the stick? Thanks Al Fetchmail should be configured to inject the mail via local MTA eg. by SMTP to localhost or invoking the sendmail command. This way your MTA is able to scan the mail. The normal way is that the MTA is responsible for sending and reciveiving mail, fetchmail is some special case in this picture. Regards Andreas
Re: Antivirus solution
Zitat von Allister Gearon [EMAIL PROTECTED]: Thanks for your reply, I assumed that if incoming email was to be scanned the antivirus/spam program would have to catch it after Fetchmail has downloaded the mail from the ISP, or during Cyrus' processing of the mail to local mailboxes (I am using lmtp which uses cyrus's deliver daemon for local delivery). As I understood postfix only comes into the picture when sending mail, either locally or externally. Have I got the wrong end of the stick? Thanks Al if you use amavisd-new (not sure about the ng stuff) you put it before cyrus. I use lmtp delivery and it works just fine. excerpts from main.cf mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp content_filter = smtp-amavis:[127.0.0.1]:10024 excerpts from master.cf smtp-amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes I took this setup pretty much straight from the debian documentation for amavisd and it works like a champ. I have clam installed for the virus detection and spamassassin for spam. Amavisd takes care of calling them. Eric smime.p7s Description: S/MIME Cryptographic Signature
Re: Antivirus solution
Allister Gearon wrote: Hi all, can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. Versions are; cyrus - imapd 2.1.12 cyrus - sasl2 2.1.12 fetchmail6.2.1 db4.0.14 postfix2.0.6 Thanks for your help Alllister Gearon vexira also f-secure http://www.f-secure.com/products/anti-virus/linux/
Re: Antivirus solution
i am currently using amavisd-new to do it. it is available at http://www.ijs.si/software/amavisd/ for the actual anti virus scanner, i use clamav at http://www.clamav.net i am running a gentoo linux machine using the 2.4 kernel series and am running imapd - 2.1.15 sasl - 2.1.15 postfix - 2.0.16 db - 4.1.25 using the standard postfix setup it scans both incoming and outgoing messages. aal On Jan 30, 2004, at 4:52 AM, Allister Gearon wrote: Hi all, can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. Versions are; cyrus - imapd 2.1.12 cyrus - sasl2 2.1.12 fetchmail6.2.1 db4.0.14 postfix2.0.6 Thanks for your help Alllister Gearon
Re: Antivirus solution
On Fri, 2004-01-30 at 01:52, Allister Gearon wrote: Hi all, can anybody recommend an antivirus solution for scanning incoming email at least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP mailserver. Versions are; cyrus - imapd 2.1.12 cyrus - sasl2 2.1.12 fetchmail6.2.1 db4.0.14 postfix2.0.6 You can find information about the solution I've implemented here: http://nakedape.cc/products/packages/maildefender/paper Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * * Naked Ape Consulting http://nakedape.cc * * Secure E-mail Server * * Naked Ape Mail Defender http://nakedape.cc/r/md * signature.asc Description: This is a digitally signed message part
Re: Antivirus
On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
RE: Antivirus
I found that using content filters, such as SpamAssasin, could be used to block 95% of virii by simply blocking any file attachment type bar .zip. Things like FriendsGreetings and the like could be blocked on an ad-hoc basis as soon as the sys admin is aware of them by just adding a new rule. By doing that I kept the company virus free since implementation. Just my 2 euros worth... -Original Message- From: Piet Ruyssinck [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 10:23 To: [EMAIL PROTECTED] Subject: Re: Antivirus On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html
RE: Antivirus
I've found an excellent SPAM/Virus scanner is MailScanner (www.mailscanner.info). It plugs into sendmail very well (doesn't use the milter, just 2 instances of sendmail). Works with heaps of virus scanners and it's GPL software. Regards On Thu, 2003-01-16 at 23:57, Russell Packer wrote: I found that using content filters, such as SpamAssasin, could be used to block 95% of virii by simply blocking any file attachment type bar .zip. Things like FriendsGreetings and the like could be blocked on an ad-hoc basis as soon as the sys admin is aware of them by just adding a new rule. By doing that I kept the company virus free since implementation. Just my 2 euros worth... -Original Message- From: Piet Ruyssinck [mailto:[EMAIL PROTECTED]] Sent: 16 January 2003 10:23 To: [EMAIL PROTECTED] Subject: Re: Antivirus On Wed, 15 Jan 2003, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? I'm not running a production system yet, but I have a test system running Cyrus to replace our current UWimapd based solution as soon as the new hardware for it arrives. On the test system, which is behaving very well, I have, besides Cyrus 2.1.11, Sendmail 8.12.6 and AmaVis (http://www.ijs.si/software/amavisd/) (via the milter interface), with SpamAssassin 2.43 (http://spamassassin.sourceforge.net/) and Clam AntiVirus (http://clamav.elektrapro.com/). A cronjob downloads the new virus database once a day. The new Sobig virus got first detected on Jan 14h, which is 5 days after its breakout, iirc. I have not enough experience with other anti-virus solutions to decide whether 5 days is a fast or rather a slow response. Maybe, the big commercial players have better response times. It would be nice to have a specs/features matrix of the available virus scanners. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Piet RUYSSINCKe-mail: [EMAIL PROTECTED] Unix Systeem Administratie tel: +32 9 264 4733 Directie Informatie- en Communicatietechnologie (ICT) fax: +32 9 264 4994 Universiteit Gent (RUG) Krijgslaan 281, gebouw S9 - 9000 Gent, Belgie -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Please avoid sending me Word or PowerPoint attachments See http://www.fsf.org/philosophy/no-word-attachments.html -- Oliver Jones Senior Software Engineer Deeper Design Limited. [EMAIL PROTECTED] www.deeperdesign.com +64 (21) 41-2238
Re: Antivirus
Sophos has worked great for me and my company. Damon On Wed, 2003-01-15 at 10:38, Sebastien Marmorat wrote: Hi, What is the best antivirus solution for my mail server Cyrus/Postfix ? Thanks a lot, Sebastien.
Re: Antivirus
On Wed, 15 Jan 2003, Sebastien Marmorat wrote: What is the best antivirus solution for my mail server Cyrus/Postfix ? I use AMaViS acting as a SMTP filter for postfix. AMaViS is configured to use F-Prot and Clam AntiVirus for it's virus engines, though it can support many others. Specifically, I am using amavis-ng. The following page has it (and other versions of amavis): http://sourceforge.net/projects/amavis If you go with amavis-ng, make sure to look at and download the various user patches. Clam AntiVirus: http://clamav.elektrapro.com/ F-Prot (free for non-commercial use): http://www.f-prot.com/products/index.html Good luck. -peace -- Let he who is without clue kiss my ass
Re: Antivirus
We use Trend Micro's Interscan Viruswall, and it seems to work really well...the install was trivial actuallyl. _ David ChaitSys Admin - Facilities Operations333 Bonair Siding Road #107Stanford CA, 94305[EMAIL PROTECTED] - Original Message - From: Sebastien Marmorat To: [EMAIL PROTECTED] Sent: Wednesday, January 15, 2003 7:38 AM Subject: Antivirus Hi, What is the best antivirus solution for my mail serverCyrus/Postfix ? Thanks a lot, Sebastien.
Re: Antivirus
On Wed, 15 Jan 2003, Sebastien Marmorat wrote: What is the best antivirus solution for my mail server Cyrus/Postfix ? We use amavisd-new at work, which works very very well with Postfix. Use whatever virus scanner you want (such as clamav), and you can also have side-wide SPAM filtering through spamassassin, if you've got the CPU to spare. This question is best send to the MTA (postfix, in your case) mailinglist, since Cyrus doesn't even enter the picture. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Antivirus
At 15:00 -0200 Henrique de Moraes Holschuh wrote: since Cyrus doesn't even enter the picture. Hey, why not? Now that you've switched from UW-IMAP to Cyrus, you need something to do with your spare CPU cycles.. Maybe a hook could be bolted in whenever an IMAP fetch or store command is requested. There is a possible protocol for this called ICAP, for which patches to squid exist. At least Symantec offer a commercial ICAP server; there's a GPLish one written in Python IIRC. Alternatively a small, clean API could be introduced at build time (a bit like local_scan() in Exim 4) or via DSOs (a la Apache), and if someone wanted to write an ICAP client as such a function or modules it would be their concern. Matt :-)
Re: Antivirus
On Wed, 15 Jan 2003, Matt Bernstein wrote: Maybe a hook could be bolted in whenever an IMAP fetch or store command is requested. There is a possible protocol for this called ICAP, for which patches to squid exist. At least Symantec offer a commercial ICAP server; there's a GPLish one written in Python IIRC. I know nothing about ICAP, but it might be an interesting idea... go ahead ;-) -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Antivirus for Cyrus IMAPD
hello! you can also use amavis for scanning emails. manfred --On Mittwoch, 14. Februar 2001 22:15 -0600 Avi Schwartz [EMAIL PROTECTED] wrote: On a Linux installation I am using Antivir/avmailgate made by H+BEDV (http://www.hbedv.com/) in Germany. It is free for personal use. Avi --On Wednesday, February 14, 2001 06:56:26 PM -0600 Paul Wiechman [EMAIL PROTECTED] wrote: I think that the list could benefit from it. Thanks in advance. Paul Wiechman Eugene Vasilchenko wrote: Hello all! Anyone wants working AV solution for use with Cyrus IMAPD and sendmail? I am using it for few months - it works fine. It based AVP for BSD/FreeBSD software by Kaspersky Lab. http://www.kaspersky.com If it's intresting to someone, I'll send step-by-step install instructions, to the list or personally. Best regards, Eugene Vasilchenko, -- Avi Schwartz Get a Life, [EMAIL PROTECTED] Get Linux!
Re: Antivirus for Cyrus IMAPD
I've been using it to keep my systems clean and it hasn't cause me a problem. I'm currently evaluating IMAP 2.0.11 so that I can upgrade for 1.6.24. Any ideas what would be the best way to hook in the virus scanner. Would it be best to call from Exim before it calls deliver, or should I spawn it from Cyrus? -Allan On Thu, 15 Feb 2001 11:45:51 +0100, Manfred Gschweidl wrote: hello! you can also use amavis for scanning emails. manfred --On Mittwoch, 14. Februar 2001 22:15 -0600 Avi Schwartz [EMAIL PROTECTED] wrote: On a Linux installation I am using Antivir/avmailgate made by H+BEDV (http://www.hbedv.com/) in Germany. It is free for personal use. Avi --On Wednesday, February 14, 2001 06:56:26 PM -0600 Paul Wiechman [EMAIL PROTECTED] wrote: I think that the list could benefit from it. Thanks in advance. Paul Wiechman Eugene Vasilchenko wrote: Hello all! Anyone wants working AV solution for use with Cyrus IMAPD and sendmail? I am using it for few months - it works fine. It based AVP for BSD/FreeBSD software by Kaspersky Lab. http://www.kaspersky.com If it's intresting to someone, I'll send step-by-step install instructions, to the list or personally. Best regards, Eugene Vasilchenko, -- Avi Schwartz Get a Life, [EMAIL PROTECTED] Get Linux! - Allan Rafuse - Systems Administrator Freeview Publishing Inc. email: [EMAIL PROTECTED] web: http://www.freeview.com
Re: Antivirus for Cyrus IMAPD
I think that the list could benefit from it. Thanks in advance. Paul Wiechman Eugene Vasilchenko wrote: Hello all! Anyone wants working AV solution for use with Cyrus IMAPD and sendmail? I am using it for few months - it works fine. It based AVP for BSD/FreeBSD software by Kaspersky Lab. http://www.kaspersky.com If it's intresting to someone, I'll send step-by-step install instructions, to the list or personally. Best regards, Eugene Vasilchenko,
Re: Antivirus for Cyrus IMAPD
On a Linux installation I am using Antivir/avmailgate made by H+BEDV (http://www.hbedv.com/) in Germany. It is free for personal use. Avi --On Wednesday, February 14, 2001 06:56:26 PM -0600 Paul Wiechman [EMAIL PROTECTED] wrote: I think that the list could benefit from it. Thanks in advance. Paul Wiechman Eugene Vasilchenko wrote: Hello all! Anyone wants working AV solution for use with Cyrus IMAPD and sendmail? I am using it for few months - it works fine. It based AVP for BSD/FreeBSD software by Kaspersky Lab. http://www.kaspersky.com If it's intresting to someone, I'll send step-by-step install instructions, to the list or personally. Best regards, Eugene Vasilchenko, -- Avi Schwartz Get a Life, [EMAIL PROTECTED] Get Linux!
