Summary: E-mail virus scanning

From: Diane Dickinson <diane_at_wsu.edu>
Date: Thu, 08 Nov 2001 11:03:11 -0800

My original question was:

"We are planning to implement e-mail virus scanning on our sendmail based
Tru64 (4.0F at present) mail servers. We are interested to hear what others
have been using and their experiences. TIA - I'll happily summarize the
responses for the list."

Thanks to all who responded. The responses are excerpted below. Sophos is
the scanning engine of choice (Trend Micro is mentioned as a possibility,
but no one reported using it). Amavis is mentioned most as the tool used
to interface virus scanning with sendmail. One site is contemplating using
the new Sophos mail scanner gateway on Linux.

Excerpted responses:

==================================================================
From: "Edward D. Silver" <eds_at_lodging.com>

We use the Anomy Sanitizer. We couldn't get amavis to work because
of all the dependencies...
Works well.
-Ed Silver
> Ed - what do you use in conjunction with Sophos (amavis, mailscanner,
> something else)?
>
> At 06:09 PM 11/6/2001 -0500, you wrote:
>
> >We use SOPHOS and it works great.
> >
> >-Ed Silver
>

==================================================================

From: Horst Dieter Lenk <lenk_at_mpi-muelheim.mpg.de>

Hi,
I have been using Sophos virus scanner with a modified Amavis script for
a year. It works fine.

==================================================================

From: "Karen R. McArthur" <kmcarthu_at_bates.edu>

We are using a freeware procmail email sanitizer on incoming mail:
http://www.impsec.org/email-tools/procmail-security.html
In addition, we have antivirus software on all clients.
Our email servers were Tru64 4.0D - then updated to 4.0G - then updated to
5.1. The sanitizer worked on all 3 versions with no recompiling.

==================================================================

From: Ken Kleiner <ken_at_cs.uml.edu>

Well, I tend to go with the 'commercially supported' options, i.e.
sophos/norton/mcafee, other than amavis.
I've done some good testing with sophos. Right now, however, their
new linux gateway product requires another sendmail device to put a stop
to using it for relay/spam. I.E:
1. sendmail server for domain (MX host) does relay checking, etc
2. sends 'okay' mail to linux machine running sophos anti virus software
3. 'clean' mail goes to my main sendmail server for local delivery
If you leave out step/server #1 you end up with the sophos system sending
all mail to the mail server and since the main server allows ANY mail
from my domain's hosts to anywhere you end up with a spam problem.
I just tried out norton antivirus gateway and it seems to handle relay
issues much better 'out of the box', but it requires solaris for the
unix port and we don't really have dedicated/non-research boxes for that.
sophos on linux is MUCH easier to implement from a hardware, resource
standpoint.
If I had to make a choice, I would go with sophos - however, I have not
tested mcafee's solution, but that is a turnkey hardware solution....
hope it helps...

>
> Thanks Ken - which solution looks best to you so far?
>
> At 09:06 AM 11/7/2001 -0500, you wrote:
> >Hi...
> >
> > In the past 2 months, I have tested the open source amavis
> >(www.amavis.org) - it is basically a frontend tool that extracts
> >attachments and sends them off to your scanner of choice. It can sit
> >on the sendmail server. You still need some sort of a virus scanner
> >for it to use - I suggest looking at sophos - www.sophos.com. They
> >have a unix antivirus package that includes a tru64 version!
> >
> > Sophos has also come out with a linux or windows based email virus
> >scanning gateway product that would listen on port #25 and scan any
> >incoming mail, etc. It's not a hardware solution, just a software one.
> >Since they don't have tru64 version of the gateway product, we would
> >run it on a linux box and just have it send mail to our tru64 sendmail
> >server once cleaned.
> >
> > We are also going to test Symantec's Norton AntiVirus Gateway for
> >solaris, along with McAfee's version of this (McAfee's is a hardware
> >solution - a linux server with their software on it - yuch in my opinion).
> >
> > I strongly suggest looking into sophos. They do only 1 thing -
> >virus scanning - and they do it nicely - I've also tried their
> >win32 desktop solution - much faster and more efficient than McAfee.
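
Added example, not part of Ken Kleiner's message or any vendor's code: a small Python model of the relay problem he describes, comparing the scanning gateway used directly as the MX host with the three-step layout that puts a relay-checking sendmail server in front. The domain, address ranges and function names are assumptions made up for illustration.

```python
# Toy model of the relay decision described above. All hostnames, domains
# and addresses are constructed for illustration.
from ipaddress import ip_address, ip_network

LOCAL_DOMAIN = "example.edu"               # assumed site domain
SITE_NET = ip_network("192.0.2.0/24")      # assumed range of the site's hosts
SCANNER_IP = ip_address("192.0.2.25")      # scanning gateway, itself a site host

def is_local(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() == LOCAL_DOMAIN

def main_server(client_ip, rcpt):
    """Main sendmail server: delivers local mail, relays anything from site hosts."""
    if is_local(rcpt):
        return "delivered"
    return "relayed" if client_ip in SITE_NET else "rejected"

def scanner(client_ip, rcpt):
    """Scanning gateway: scans, then hands every message to the main server.
    The main server sees the scanner's address, not the original client's."""
    return main_server(SCANNER_IP, rcpt)

def front_mx(client_ip, rcpt):
    """Step 1 server: relay check against the real client before scanning."""
    if not is_local(rcpt) and client_ip not in SITE_NET:
        return "rejected"
    return scanner(client_ip, rcpt)

def run(entry_point, messages):
    """Return the outcome of each (client IP, recipient) pair at an entry point."""
    return [entry_point(ip_address(ip), rcpt) for ip, rcpt in messages]

# Constructed sample traffic: (connecting client IP, envelope recipient)
MESSAGES = [
    ("203.0.113.7", "user@example.edu"),     # outside -> local user
    ("203.0.113.7", "someone@example.net"),  # outside -> outside (relay attempt)
    ("192.0.2.40", "friend@example.net"),    # site host -> outside
]

if __name__ == "__main__":
    for name, entry in (("scanner as MX", scanner), ("front MX first", front_mx)):
        print(name, run(entry, MESSAGES))
```

The second message is the one that matters: with the scanner as the entry point it is relayed because the main server only ever sees a trusted site address, while the front MX rejects it before it reaches the scanner.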

==================================================================

From: Regis.Carlier_at_univ-valenciennes.fr (Regis Carlier)

Hi ,
We use amavis ( www.amavis.org ) with sophos antivirus ( www.sophos.com )
with great satisfaction.
Reg/

==================================================================

From: Richard Loken <tech_at_athabascau.ca>

Your choices are extremely limited as I am sure many will tell you. We use
Sophos and are quite content with it but we run PMDF and not sendmail since
this machine does mail and only mail for a living.

==================================================================

From: Udo de Boer <Udo.de.boer_at_ubero.nl>

Diane,
There is a thing called amavis. This uses a virus scanner and the libmilter
interface of sendmail to scan the mail. You can use any virus scanner
supported on tru64. I think you have to compile sendmail to enable libmilter.
Information about amavis is found on the internet.

==================================================================

From: Xavier Mertens <xavier_at_be.wanadoo.com>

Hi Diane,
We use the pair Inflex + sendmail to scan mails for viruses.
In fact we run the mail scanner on a Linux Intel box but the
main code is in perl so no problem to port it on Tru64! This solution
is based on the F-prot antivirus. I've no idea if they released
binaries for Tru64/Alpha.
Just be careful: it's quite huge in system resources! (IO, memory,
etc...)
http://pldaniels.org/inflex/


-Diane
Received on Thu Nov 08 2001 - 19:05:31 NZDT
