Domain: amavis.org
Stories and comments across the archive that link to amavis.org.
Comments · 21
-
Re:reasons I like kmail
I mostly use KMail at home for the same reasons. Though i use fetchmail to retrieve the mails and procmail to pipe them thru ClamAV and SpamAssassin and finally sort them with some scripts of my own.
The fact Kmail use mail dir format, as mutt, let me also check my mail from a remote ssh session.
Some people might want to have a look to AMaVIS or check SWiK about
- emails
- fetchmail
- procmail
- ClamAV
- SpamAssassin
- KMail (nothing really here)
- mutt -
Maybe.
If that rebuild-from-source allowed you to do something difficult-or-impossible-or-expensive in MS-Windows land, it would be well worth it.
Recent case-in-point, if you want email virus scanning for 200 users, a .src.rpm fetch and "rpm -bb" of clamav would be a top investment even if you had to sit and watch it instead of going about your other business when you look at the cost of (for example) Sophos or Norton for 200 seats.
Another one, hunting down dependencies for AMaViS is worthwhile (my preferred distro, Mandrake Linux, has them all and it's just "urpmi amavisd" but this customer's site was running Red Hat) if you can discard mail containing semi-broken ZIP files (as sent by mutating MS-Windows viruses) where the commercial packages' attitude seems to universally be "can't read it, therefore it's not really a ZIP, therefore it's safe". Having this crap cut out at the gateway meant that the customer's internal MS-Exchange server could then handle the remaining load. Usually. -
Re:Spam Filtering for Exchange 2003?
Like the AC said, put Exchange behind a proper MTA. Keep your exchange server inside the firewall for the suits to fiddle with their calendars and crap. Setup Postfix, Qmail, Sendmail, Exmim or some other MTA as your internet-facing email server. I use Postfix with Amavis forming a nice interface to Clam-AV and SpamAssassin. I don't run exchange though. Can't help you there.
-
Re:Overkill
You're right about extra hardware. However:
- http://www.pc-tools.net/unix/renattach/
- http://www.amavis.org/
- http://www.clamav.net/
- http://www.sng.ecs.soton.ac.uk/mailscanner/
ClamAV seems to have the best reviews.
I snarfed all this out of a
/. comment or two a little while back, and mailed the links to my boss, who was recently complaining about the high cost of email server antivirus software. I haven't tested any of them because I don't have a colocated server and comcast does not offer static IP addresses for love nor money (or at least, I haven't found the right person to make the offer to yet) so I don't run a mail server these days. -
Re:Server-side filters?
-
Neat, but even simple measures aren't usedThis would be a neat way to watch for nasties on the wire. But most ISPs still don't use even the simplest form of filtering on their mail servers that would stop all viruses cold. The goddamn software is free; why can't ISPs use it? For filtering out viruses at mail servers:
-
Re:Serious question...
I failed to mention this, but all email is accessed via SquirrelMail. We also use Amavis to scan all incoming and outgoing emails for viruses. Both of these combined during the busiest part of the day seems to keep the server quite busy load-wise. I was thinking the new scheduler and job spool methods would help manage things a little better. Now don't get me wrong, the current setup is not terrible, but I am looking for improvements.
However, given your opinion, I will stick with 2.4 for now. Thanks for the info. -
H+BEDV Antivirus
Check out H+BEDV Antivir. It's free for personal use, and it integrates just fine with Qmail as is, or with AMaViS if you prefer using that.
-
Re:Government Funding of Security/Virus PreventionUnix isn't as susceptible to viruses as Windows, but I'm not saying it's immune. Then again, neither are Windows machines with virus scanners.
What we (or at least, I) need is a Unix-based virus scanner that can prevent the spread of viruses for all platforms.
There are such things - the websites of qmail-scanner and amavis list several virus scanners, both commercial and Free.
-
postfix+amavis+clamav+spamassassinPostfix: mail transport agent (MTA); packaged by most Linux distros; runs on many other platforms; easy to cinfigure; flexible; modular; secure; highly scalable; written in C by the venerable Wietse Venema; IBM Public License
AmaVis: Antivirus filtering daemon; packaged by most linux distros; multi-threaded (recognized multiple CPU's); sends out email alerts; very configurable; supports many antivirus scanners; works well with postfix; written in Perl; GPL
Clam Antivirus (clamav): virus scanner; written in C; fast; virus definition update tool included; uses virus definitions from the Open Antivirus project; (does not disinfect, just identifies); GPL
SpamAssassin: Perl-based Spam filter; use with Procmail; client-server architecture (one daemon); Perl Artistic License
Our application of the above software seems to work quite well. We server about a thousand users (about 100 "heavy users"), and the average server load rarely gets above 0.21 with a Dual AMD 1500+ MP that provides SMTP, IMAP, and POP all w/SSL enabled.
-
Antivirus in server
-
Re:Suggestions?
-
amavis and Klez
Just when you thought amavis was the cure for the odd little virus the odd little user would pass along, here comes Klez.H. Our helpdesk account receives 200+ "WARNING VIRUS IN MAIL ADDRESSED TO YOU" from amavisd. Yesterday, as I am on the security bitch list, I get a call from a "Senior Security Admin" for the Naval Intelligence Service (is there such a thing???). He was complaining that their sensitive e-mail accounts were getting hundreds of e-mails from foobar.edu e-mail addresses and that we need to put a stop to it. Take clue-by-four from scabbard. Take aim. Beat. This cat didn't even know what the Klez virus is and claims to be a security maven for the military. WTFE. After he yelled at me for lecturing him on how to read e-mail headers, he asked me what the solution was. Simple: ban the use of Outlook. Huff. Huff. Huff. "We can't do that! We have a contract with Microsoft."
-
Linux as an antivirus tool.
It's been said by many many times: Linux makes an excellent antivirus tool. Why? Well, because...it's Linux. But really, because of it's immunity to viruses in the first place. (Let's ignore the spread of things like ramen as they work differently than Outlook Transmitted Diseases (OTDs))
Linux as you mail server? Check out Enhancing E-Mail Security With Procmail to send this nasty crap to /dev/null automatically. If the user can't run it in the first place...
How about taking it a step further and having you Linux box scan all incoming e-mail for virisus? See Amavis and others
If you're using Linux as your file server, invest in some linux based antivirus software. Let linux scan away at your uses Windows files and keep them virus free using an OS they can't infect in the first place.
If you're a network admin, and you don't take counter measures from preventing your users from infecting themselves and others, your a part of the problem as the virus writer. Educate your users, use counter measure that prevent your users from getting the virus in the first place, etc. etc. etc. -
Norton???
9 out of 10 computer virii writers recomend Norton Antivirus
Amavis works great for email filtering, and can be configured to use a lot of antivirus (yes, there are unix versions of almost all antivirii software. File server anyone?) -
AmavisMcAffee is available for Linux.
If your samba server is also your mail server I can advise you to install Amavis (A Mail Virus Scanner: www.amavis.org) on it. Amavis is not a virusscanner itself, but invokes a configurable commandline scanner to scan all your email and attachments, even if they are compressed! You'll also find a list of available Linux virus scanners on the Amavis site and scripts to auto update your virus defs.
-
Amavis-Perl
I know this is nothing like the author asked for, however where I used to work, I set up a copy of Amavis to scan all incoming mails on the mailserver. It takes a little tweaking to get syntax and setup right, as when I did it documentation wasn't perfect, but it works like a champ now. One of the other admins also set up a perl script that checks McAfee's FTP site for a newer version of the virus database, pull it down, unpack and test it to make sure it works, and then install it; this way when new virus databases come out, it's automatically updated on the mailserver.
For our uses, the perl version (Halfway down the page) worked out better. -
Amavis-Perl
I know this is nothing like the author asked for, however where I used to work, I set up a copy of Amavis to scan all incoming mails on the mailserver. It takes a little tweaking to get syntax and setup right, as when I did it documentation wasn't perfect, but it works like a champ now. One of the other admins also set up a perl script that checks McAfee's FTP site for a newer version of the virus database, pull it down, unpack and test it to make sure it works, and then install it; this way when new virus databases come out, it's automatically updated on the mailserver.
For our uses, the perl version (Halfway down the page) worked out better. -
AMaViS
Look into AMaViS for scanning mail as it enters sendmail. AMaViS integrates with a number of third-part virus scanners.
-
NAIMcAfee has a linux scanner that uses the same dat files as the windows version. I've been using it for a while and it does a good job. It's even caught a few viruses for me:
http://www.nai.com/asp_s et/ buy_try/try/products_evals.asp
If you are looking for an email scanner check this out, it is a great email scanner:
-
It worksWe are using AMaViS on machines at my employer. It isn't the most efficient program, it ends up forking about 4-5 times for a plain text message (!) but it does work. Two drawbacks are 1. it replaces the delivery agent (usually procmail or deliver) and c. it only works for accounts local to that machine.
Now that I look again, there seems to be a way to use it on a relay. If you do that, make sure it's a beefy machine. Getting 20-30 messages/minute gets the load average into the sendmail stops talking to you range.