Scanning for Windows Viruses in Linuxland?

rmmeyer asks: "I'm in the process of building an e-mail server for my company with a new twist. Since most of the clients are going to be Windows based (don't go there, I can't change 'em) and running Outlook (I know, I know...) I need to be able to scan the incoming and outgoing Emails for viruses. A quick check on Freshmeat shows fourty-nine projects related to email viruses. I intend to use Sendmail for the MTA with the milter API for scanning. There appear to be several commercial anti-virus scanners for Linux and at least one Open Source scanner. What are the community's experiences doing this? We expect to have 150 clients and potentially several thousand incoming Emails per day. Points are added for solutions that also include the capability of scanning Samba shares! =)" Ask Slashdot last touched on this issue in this article, from early March of last year, and before that in another article from October of 2000. I'm sure things have changed greatly since then.

F-Prot

[Tux2000]

F-Prot for Linux, free of charge for personal use.

I'm not related with Frisk Software except that I use their software.

antivirus - a sendmail milter

[elvisior]

I installed this for an organization's mail server which has over 40,000 users .. we were very concerned about a performance hit.. and on the server stats you can not see a hit.

http://www.nmt.edu/~wcolburn/antivirus/

We combined this with mcafee under linux which also works very well but there are other options available.

Not to start a us vs. them

[Gigs]

But consider Qmail. Its more secure than sendmail. Much easier to configure. And does all the things you requested. Here is the link for the Anti-Virus support. Check out the RAV product as it is can scan both emails and your drives...aka samba shares. Although it is a product you have to pay for... I consider anti-viruse one of those things that is worth paying for to make sure you're up to date.

Amavis

[Mr.Phil]

I use Sendmail with Amavis and UVScan to scan for viruses on a 3500 user mail server. No complaints so far, and I've not had a virus slip past. I've cron setup to download virus def updates every morning and that keeps me fairly up to date. Using the newer releases that daemonize amavis help to keep the system load down.

Overall, I'm pleased with the package.

http://www.amavis.org

(No affiliation with the programmers, I just use the product.)

Re:Amavis

[Mr.Phil]

I hate to reply to myself, but you can setup UVScan to scan samba shares, and amavis supports Sendmail Milter.

I knew there was something I forgot to include. Time for the morning coca-cola.

Mailscanner

I use mailscanner with sendmail to scan mail for viruses . It has a number of nice features such as the ability to block certain types of attachments (e.g. exe's) - this can be configured to block/ allow any attachment based on regular expressions. It relies on third party virus engines - I use Sophos at work and f-prot on my home network, but others work too. It also integrates well with spamassassin to effectively tag spam.

If you have a mixed network with samba shares you might also like to have a look at Rainer Link's samba-vscan VFS module for samba at the openantivirus site.

Interscan Viruswall

[sclatter]

I used it at one of my jobs and I was pretty impressed. Our setup was Solaris but they do support Linux. It works with sendmail no problem. It will clean emails and optionally notify the sender, recipient, and IT when a virus is found. It also automatically updates the virus patterns as often as nightly. It was super easy to set up and use.

Sarah

postfix+amavis+clamav+spamassassin

[runswithd6s]

Postfix: mail transport agent (MTA); packaged by most Linux distros; runs on many other platforms; easy to cinfigure; flexible; modular; secure; highly scalable; written in C by the venerable Wietse Venema; IBM Public License

AmaVis: Antivirus filtering daemon; packaged by most linux distros; multi-threaded (recognized multiple CPU's); sends out email alerts; very configurable; supports many antivirus scanners; works well with postfix; written in Perl; GPL

Clam Antivirus (clamav): virus scanner; written in C; fast; virus definition update tool included; uses virus definitions from the Open Antivirus project; (does not disinfect, just identifies); GPL

SpamAssassin: Perl-based Spam filter; use with Procmail; client-server architecture (one daemon); Perl Artistic License

Our application of the above software seems to work quite well. We server about a thousand users (about 100 "heavy users"), and the average server load rarely gets above 0.21 with a Dual AMD 1500+ MP that provides SMTP, IMAP, and POP all w/SSL enabled.

Anomy + AVP + Spamassassin works great.

[cornice]

I have been using Anomy Mail Tools to make decisions about incoming attachments and JavaScript infected messages. I use AVP (although I'll likely switch to one of the free scanners listed in this thread) to scan certain attachments (.doc, .xls, etc.) but otherwise data formats get through and executables get quarantined. If someone wants an executable from quarantine I scan it with Norton Antivirus (thanks Win4Lin) simply because I think that Symantec does a fine job of keeping their system up to date (and I do it maybe twice a year). I also use SpamAssassin for spam filtering. It works really well.

One other thing to watch out for... I had become fairly lazy about scanning the desktop since incoming mail was virtually 100% clean and since nobody uses floppies any more. Then I had a user download an infected file from her personal webmail account. I went crazy trying to figure out how this thing got in until I finally got a confession on the webmail use.