Re: [Mimedefang] Any Sophie users out there?
I haven't had a chance to play with any of this yet, but I want to summarize and share the information I've been sent on both the MIMEDefang and HIED-EMAILADMIN lists. I had expressed concern about Sophos withdrawing support for SAVI v4, while apparently no work had been done on Sophie in a decade. I received some encouraging pointers: - Sophos has a product called "SAV Dynamic Interface" (SAVDI) whose documentation claims it supports "the Sophie protocol" (among others). http://www.sophos.com/en-us/medialibrary/PDFs/documentation/savi_dynamic_20_meng.pdf (Thanks to Scott Larnach and David Webb.) - Sophie 3.05 seems to actually work with SAVI v9. (Thanks to John Kalbach and Rick Kruze.) - A milter was created to replace Sophie when it was abandoned: http://www.j-chkmail.org/j-sophosd (Thanks to Jose-Marcio Martins da Cruz, who wrote it.) Some sites report simply blocking mail which contains dangerous attachment types, and bypassing most of the virus issue that way. Thanks, all! Anne. -- Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 a...@encs.concordia.ca+1 514 848-2424 x2285 ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Any Sophie users out there?
On Wed, 19 Mar 2014, Anne Bennett wrote: A belated thanks for the patch! ;-) What are you using now for anti-virus? No problem :-) Personally and professionally I've used ClamAV (via clamd) for a long time. I actually used to be a "team member" pre-Cisco, pre-SourceFire. I've used Avira AntiVir, but this happened: http://www.avira.com/en/support-for-home-knowledgebase-detail?kbid=1491 I've used F-PROT for Linux Workstations: http://www.f-prot.com/products/home_use/linux/ (but do not right now) I have not done much recent Linux anti-virus related work for client servers, but many of the ones that I used to use or at least test years ago have gone the way of the Dodo: Sophie, Trophie (+ TrendMicro), File::Scan, OpenAntiVirus, ... Not sure if McAfee/NAI/Intel uvscan is still around or not, but from what I remember that was very resource intensive to run the binary over and over every time, using a tmpfs or other RAM-based filesystem or not. I'm not involved with any environment right now where I have to worry about a large number of users and their mail, beyond making sure it gets delivered. I have a client ISP that actually does no anti-virus scanning incoming or outgoing, only recommends anti-virus software for them to install on their PC. They do have a conservative MIMEDefang filter and SpamAssassin though. Jason ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Any Sophie users out there?
I find myself in the same boat. Browsing the Sophos web site I find a product
called "SAV Dynamic Interface". The documentation suggests it provides a daemon
which supports "the Sophie protocol". I'm hoping that means the same interface
mimedefang uses to talk to sophie.
I'll hopefully get some time tomorrow to check it out.
Scott Larnach
Edinburgh University
On 19 Mar 2014, at 16:36, Anne Bennett wrote:
>
> Jason Englander responds to my question:
>
>>> I wonder if there are any other Sophie users out there?
>>>
>>> Sophos has announced that they're retiring v4 of "Sophos
>>> Anti-Virus for {Linux,Unix}" this April, and I have no idea
>>> if v9 will be compatible with Sophie (haven't tried it yet),
>
>> I'm the one that submitted a patch to add support for it
>> originally (whoa - 12 years ago...), but I have not used
>> sophie in at least 10 years.
>
> A belated thanks for the patch! ;-) What are you using now
> for anti-virus?
>
>> Does not look promising.
>
> No. :-(
>
> I'll take a look at it, and I'll post here if I come up with
> anything workable, but I wouldn't advise anyone to hold their
> breath...
>
>
>
> Anne.
> --
> Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G
> 1M8
> a...@encs.concordia.ca+1 514 848-2424
> x2285
> ___
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Any Sophie users out there?
Jason Englander responds to my question:
>> I wonder if there are any other Sophie users out there?
>>
>> Sophos has announced that they're retiring v4 of "Sophos
>> Anti-Virus for {Linux,Unix}" this April, and I have no idea
>> if v9 will be compatible with Sophie (haven't tried it yet),
> I'm the one that submitted a patch to add support for it
> originally (whoa - 12 years ago...), but I have not used
> sophie in at least 10 years.
A belated thanks for the patch! ;-) What are you using now
for anti-virus?
> Does not look promising.
No. :-(
I'll take a look at it, and I'll post here if I come up with
anything workable, but I wouldn't advise anyone to hold their
breath...
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca+1 514 848-2424 x2285
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Any Sophie users out there?
On Tue, 18 Mar 2014, Anne Bennett wrote:
I wonder if there are any other Sophie users out there?
Sophos has announced that they're retiring v4 of "Sophos
Anti-Virus for {Linux,Unix}" this April, and I have no idea
if v9 will be compatible with Sophie (haven't tried it yet),
but since Sophie has apparently had no development since about
2004, I have a Very Bad Feeling about this...
I'm the one that submitted a patch to add support for it originally (whoa
- 12 years ago...), but I have not used sophie in at least 10 years. At
one point after www.vanja.com/tools/sophie/ was no longer being updated,
there was a new developer at www.clanfield.info/sophie/, but that is
currently blank. No change at freecode.com either.
Does not look promising.
Jason
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Any Sophie users out there?
I wonder if there are any other Sophie users out there?
Sophos has announced that they're retiring v4 of "Sophos
Anti-Virus for {Linux,Unix}" this April, and I have no idea
if v9 will be compatible with Sophie (haven't tried it yet),
but since Sophie has apparently had no development since about
2004, I have a Very Bad Feeling about this...
I'm using it via "message_contains_virus_sophie" (MIMEDefang
2.58 - yes, I know I should upgrade). If anyone out there
has taken a stab at making Sophie 3.05 work with Sophos v9,
I'd love to know what your experience was.
Anne.
--
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca+1 514 848-2424 x2285
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
