[xmail] Re: Clam AV?
On Fri, 29 Aug 2003, EDV - WHW (Goesta Smekal) wrote:

> On 28 Aug 2003 at 14:12, Toby Reiter wrote:
>
> > So I'd like to use Clam Av (unless anyone has any other open source
> > anti-virus ideas for Linux).
>
> As others said before: use it with caution ! We used it for a while
> but after the Klez.H outbreak I switched to Sophos. If you do serious
> business I think it's worth investing in a commercial scanner (I
> never thought I would say that since I'm a free software junkie)

What you pay when you buy a commercial AV solution is not the dumb AV engine. You pay the fact of being able to access a signature database that is updated around the clock. Since updating (at worm speed time) the signature database is a pretty boring task, it's unlikely to have ppl to line up to do this for free. This is why free AV will be unlikely to fly.

- Davide

-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in
the body of a message to [EMAIL PROTECTED]

[xmail] Re: Clam AV?
I have been using Peter's new updated ClamAV filter with ClamAV and it has caught all the viruses so far. I know this, because we also have Norton Antivirus Corp. running behind the mail server and since I installed the email virus checker, the system does not find any more viruses. We could be just getting the "mainstream" viruses and that's why it may seem to be catching everything, though. During the Sobig and the Blaster problems, it caught all them and we were not affected.

Anyways, overall, I am completely happy about the whole implementation.

Ben

----- Original Message -----
From: "EDV - WHW (Goesta Smekal)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 29, 2003 1:21 AM
Subject: [xmail] Re: Clam AV?

> On 28 Aug 2003 at 14:12, Toby Reiter wrote:
>
> > So I'd like to use Clam Av (unless anyone has any other open source
> > anti-virus ideas for Linux).
>
> As others said before: use it with caution ! We used it for a while
> but after the Klez.H outbreak I switched to Sophos. If you do serious
> business I think it's worth investing in a commercial scanner (I
> never thought I would say that since I'm a free software junkie)
>
> > I think I can probably use the existing
> > virus filters without too much hassle, but I wanted to get feedback
> > from other users on whether they've tried Clam AV, and what they
> > thought about it. Also info on any open source anti-virus setups
> > successfully installed on Linux would be appreciated.
>
> You can download my filter script (perl) tailored for ClamAV from
>
> http://members.chello.at/goesta.smekal/code/
>
> I have got an updated version in productive use (with Sophos) which I
> will post if there is any kind of interest out there ...
>
> hope that helps,
>
> Goesta
>
> P.S.: sorry, Toby, you get this double, since I seem to forget to
> post answers to the list instead of the author lately ...
>
> --
> Goesta Smekal (IT Systems Administrator)
> Wiener Hilfswerk
> Schottenfeldgasse 29
> A-1072 Vienna - AUSTRIA
> Phone: ++431-512 36 61-407 Fax: ++431-512 36 61-33

[xmail] Re: Clam AV?
Here is an update to your OpenAntivirus database statement... This may be new to ClamAV, but in their 0.60 version it states this:

" Many people get confused with ClamAV database status because of the OpenAntiVirus update information at: http://openantivirus.org/latest.php (last update at 17 October, 2002). The ClamAV virus database contains the OAV database (with some signatures fixed or removed) but we develop it independently of the OAV project. Our database is updated frequently (on average 4-5 times a week). You can help (or join) us - will find some basic but useful instructions at http://clamav.elektrapro.com/doc/signatures.pdf "

Ben

----- Original Message -----
From: "Kirk Friggstad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 28, 2003 6:04 PM
Subject: [xmail] Re: Clam AV?

> From a comp.os.linux.security posting from March 3, 2003:
>
> "However, use it [ClamAV] at your peril.
>
> Clam AntiVirus uses the OpenAntivirus virus database. It is in an early
> development state and members of the OpenAntivirus group say that it
> should be regarded as a "toy" at present. It is not up-to-date and tests
> by the group using it have found that the database does not (yet) trap
> many ITW (in the wild) viruses. They have consistently told me that they
> have asked Clam Antivirus NOT to use their database in Clam Antivirus."
>
> (found on Google groups - search for "clam antivirus" and "old rocker"
> should have this posting as the top result)
>
> Took a quick peek at Open Antivirus' page on SourceForge - the virus
> signature database they have there is dated back to May of 2002, so I'd be
> inclined to agree with the person who posted the above message to Usenet.
>
> Hope this helps. We just implemented F-Prot with Peter Lindemann's AV script
> this past week - we're averaging about 3000 viruses per day (mostly Sobig,
> with a sprinkling of Klez, Bugbear and other classics). Very happy with it
> so far - the price tag wasn't insignificant, but it was much less than it
> would have been for a commercial mail package with integrated virus
> scanning.
>
> Kirk.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Filip
> Sent: Thursday, August 28, 2003 4:50 PM
> To: Toby Reiter
> Subject: [xmail] Re: Clam AV?
>
> Hi,
>
> I have a collection from viruses my av-filter (linked on
> xmailserver.org) caught using f-prot. I compared clamav and f-prot on
> Linux RH 9 :
>
> #clamscan /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
> Scanned files: 94
> Infected files: 41
>
> #f-prot /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
> Files: 94
> Infected: 92
> Suspicious: 1
>
> Any other experience or comment on this ?
>
> --
> Fil.

[xmail] Re: Clam AV?
On 28 Aug 2003 at 14:12, Toby Reiter wrote:

> So I'd like to use Clam Av (unless anyone has any other open source
> anti-virus ideas for Linux).

As others said before: use it with caution ! We used it for a while but after the Klez.H outbreak I switched to Sophos. If you do serious business I think it's worth investing in a commercial scanner (I never thought I would say that since I'm a free software junkie)

> I think I can probably use the existing
> virus filters without too much hassle, but I wanted to get feedback
> from other users on whether they've tried Clam AV, and what they
> thought about it. Also info on any open source anti-virus setups
> successfully installed on Linux would be appreciated.

You can download my filter script (perl) tailored for ClamAV from

http://members.chello.at/goesta.smekal/code/

I have got an updated version in productive use (with Sophos) which I will post if there is any kind of interest out there ...

hope that helps,

Goesta

P.S.: sorry, Toby, you get this double, since I seem to forget to post answers to the list instead of the author lately ...

--
Goesta Smekal (IT Systems Administrator)
Wiener Hilfswerk
Schottenfeldgasse 29
A-1072 Vienna - AUSTRIA
Phone: ++431-512 36 61-407 Fax: ++431-512 36 61-33

[xmail] Re: Clam AV?
From a comp.os.linux.security posting from March 3, 2003:

"However, use it [ClamAV] at your peril.

Clam AntiVirus uses the OpenAntivirus virus database. It is in an early development state and members of the OpenAntivirus group say that it should be regarded as a "toy" at present. It is not up-to-date and tests by the group using it have found that the database does not (yet) trap many ITW (in the wild) viruses. They have consistently told me that they have asked Clam Antivirus NOT to use their database in Clam Antivirus."

(found on Google groups - search for "clam antivirus" and "old rocker" should have this posting as the top result)

Took a quick peek at Open Antivirus' page on SourceForge - the virus signature database they have there is dated back to May of 2002, so I'd be inclined to agree with the person who posted the above message to Usenet.

Hope this helps. We just implemented F-Prot with Peter Lindemann's AV script this past week - we're averaging about 3000 viruses per day (mostly Sobig, with a sprinkling of Klez, Bugbear and other classics). Very happy with it so far - the price tag wasn't insignificant, but it was much less than it would have been for a commercial mail package with integrated virus scanning.

Kirk.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Filip
Sent: Thursday, August 28, 2003 4:50 PM
To: Toby Reiter
Subject: [xmail] Re: Clam AV?

Hi,

I have a collection from viruses my av-filter (linked on xmailserver.org) caught using f-prot. I compared clamav and f-prot on Linux RH 9 :

#clamscan /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
Scanned files: 94
Infected files: 41

#f-prot /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
Files: 94
Infected: 92
Suspicious: 1

Any other experience or comment on this ?

--
Fil.

[xmail] Re: Clam AV?
Hi,

I have a collection from viruses my av-filter (linked on xmailserver.org) caught using f-prot. I compared clamav and f-prot on Linux RH 9 :

#clamscan /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
Scanned files: 94
Infected files: 41

#f-prot /var/MailRoot/filters/XM_Fprot_Filter/InfectedMessages/
Files: 94
Infected: 92
Suspicious: 1

Any other experience or comment on this ?

--
Fil.

[xmail] Re: Clam AV?
Toby Reiter wrote:

> I know that filters exist for Fprot and AntiVir on Linux, but I'd
> really rather go the open source route (since, technically, I'd have
> to pay considerably to use either of the commercial products).
>
> So I'd like to use Clam Av (unless anyone has any other open source
> anti-virus ideas for Linux). I think I can probably use the existing
> virus filters without too much hassle, but I wanted to get feedback
> from other users on whether they've tried Clam AV, and what they
> thought about it. Also info on any open source anti-virus setups
> successfully installed on Linux would be appreciated.

I already have built in support for ClamAV but I haven't found the time yet to release it. I will try to put it on my site tonight so you can find it at http://www.lindeman.org/filters.html

The version with ClamAV support will be version 1.7

--
Regards,
Peter
--
Cannot read the device name from the media .INI file.
---
--- Do you have a Sony Digital video camera ?
--- Take a look at http://www.dvin.org
--- Also have a look at http://www.lindeman.org
--- ICQ 22383596
--- Uptime lindeman.org - 4 days, 21 hours and 38 minutes, 0 users logged in.