Server Side Virus Scanning Options?
Unknown Relic asks: "Because of the number of virii which are propagated through email, and the tendency for some users to open executable attachments no matter what they are told, we have decided to seek out a server side solution. We are currently running Linux with qmail on the server side, and while we have found a couple of products which may fit the bill, I wanted to hear about the experiences and recommendations of slashdotters on this subject. Do you or your company make use of a server side virus scanning engine, Open Source or otherwise, and if so what are your impressions?"
The company I work for has a twofold solution which has effectively stopped *anything* from getting through to our system. I haven't seen a virus make it through since it's been implemented.
On the top half, we have an intermediate company called Big Fish scan our e-mail as it comes through, and then it passes it on to our Exchange server. On the Exchange server, we're running Norton Antivirus for Exchange.
The added benefit of the intermediate company is that they also effectively remove 99% of all spam, and all of my normal e-mail gets through. They save all discarded e-mails so you can see how good of a job it does - so far, it's been perfect.
I wouldn't normally recommend McAfee because their products have had so many problems the last few years, but their e500 appliance is actually pretty decent.
:)
(Hmm, and it's Linux-based. Coincidence? I didn't think so...)
I'm using MailScanner with Exim; it strips out any evil javascript or any attachments that are executable. This seems to work for me.
We started using Vexira (http://www.centralcommand.com) Mail-Armor this year. We use Debian/Exim for about 8000 users for a school system. The setup was very simple. Mail-Armor listens on the SMTP port and does real-time scanning of every message that goes through. It then passes the message on to the "real" SMTP server running on a non-standard port. We were initially worried about whether it could keep up with our traffic, but it has been flawless so far. It uses two processes: one listens on the SMTP port and does the scanning while the other processes the queue and passes the messages on to Exim.
It notifies the postmaster and both the sender and receiver when it detects a virus. A cron job runs every night to download the virus definitions. It cost $150 for a school system. The cool thing is that it is licensed by domain, not by # of mailboxes like some products.
Jason
"FORMAT C:" - Kills bugs dead!
We have been using Trend Micro since before I started here. Right now we have an Exchange 2000 server with Trend Micro installed. We process around 10 million messages a month.
So far I have been very happy with Trend Micro. The only down side I have seen is the cost, but it is not as bad as some others.
I'm in the middle of writing a HOWTO for the LDP concerning virus scanning on Linux. (Wish it was done so I can point you to it).
I don't have my research in front of me, so I have to reply off the top of my head here.
If I was going to do this, I would first select one of those programs that mangles attachments. There are solutions that remove attachments entirely, solutions that detach the attachment and move it to a place where it can be accessed by a link in the email, or solutions that change the extension of the file. I'd suggest the latter solution. If any .vbs, .bat, .exe [...etc] files are renamed to .oldextension.txt, everything is fine. You might want to combine this solution with a rule to filter anything along the lines of .jpg.vbs or the like (which is probably a virus). Remember - If you remove attachments or block emails, please send a message to the sender saying you did. This is business email. The $virus_of_the_month might have attached itself to the CEO's quarterly fiscal report.
That being done, then run all emails through a virus scanner. Again, if you detect a virus, mail the sender explaining what you did and what virus was detected. [Btw, put in a disclaimer - some viruses send out false 'from' addresses in their headers]
That should filter incoming email without a problem. For shares, there are scanners that will integrate themselves with Samba, which will scan files whenever they are changed. I have not seen any real-time scanning solution for other file share methods though.
If anyone has some more information, please drop an email to dasunt[at]hotmail[dot]com. If I use the information, I'll credit you.
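The extension-renaming step and the .jpg.vbs rule from the comment above, as an added example that is not part of the original thread or of any product named in it. The extension lists beyond .vbs, .bat and .exe, the function names and the sample message are assumptions made for illustration; the returned lists are what a notice to the sender would be built from.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumed lists: the post names only .vbs, .bat and .exe ("...etc").
RISKY = {"vbs", "bat", "exe", "com", "scr", "pif"}
DECOY = {"jpg", "gif", "txt", "doc", "pdf"}  # harmless-looking inner extension

def defang(msg):
    """Rename risky attachments in place.

    Returns (renamed, suspicious): original filenames, for the notice to
    the sender and for the double-extension rule respectively.
    """
    renamed, suspicious = [], []
    for part in msg.walk():                  # walk() also reaches nested parts
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces: "a.exe. " still runs as a.exe
        exts = name.lower().rstrip(". ").split(".")[1:]
        if not exts or exts[-1] not in RISKY:
            continue
        if len(exts) > 1 and exts[-2] in DECOY:
            suspicious.append(name)          # e.g. holiday.jpg.vbs
        safe = name.rstrip(". ") + ".txt"    # .oldextension.txt, as in the post
        if part.get_param("filename", header="content-disposition") is not None:
            part.set_param("filename", safe, header="Content-Disposition")
        if part.get_param("name") is not None:   # legacy Content-Type name=
            part.set_param("name", safe)
        renamed.append(name)
    return renamed, suspicious

def sample_message():
    """Constructed message with one clean and two risky attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Q3"
    m.set_content("Report attached.")
    for fn in ("report.pdf", "setup.EXE", "holiday.jpg.vbs"):
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=fn)
    # Round-trip through bytes so the parser sees what an MTA filter would
    return message_from_bytes(m.as_bytes(), policy=default)

if __name__ == "__main__":
    msg = sample_message()
    print(defang(msg))
    print([p.get_filename() for p in msg.iter_attachments()])
```

Renaming only changes how the receiving client treats the file; the message still goes through the virus scanner afterwards, as the comment describes.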