Slashdot Mirror

← Back to Stories (view on slashdot.org)

Server Side Virus Scanning Options?

Posted by Cliff on from the those-questions-that-keep-popping-up-in-the-bin dept.

Unknown Relic asks: "Because of the number of virii which are propagated through email, and the tendancy for some users to open executable attachments no matter what they are told, we have decided to seek out a server side solution. We are currently running Linux with qmail on the server side, and while a we have found a couple of products which may fit the bill, I wanted to hear about the experiences and recommendations of slashdotters on this subject. Do you or your company make use of a server side virus scanning engine, Open Source or otherwise, and if so what are your impressions?"

1 of 46 comments (clear)

  1. Anti-Virus by dasunt · · Score: 4, Interesting

    I'm in the middle of writing a HOWTO for the LDP concerning virus scanning on linux. (Wish it was done so I can point you to it).

    I don't have my research in front of me, so I have to reply off the top of my head here.

    If I was going to do this, I would first select one of those programs that mangles attachments. There are solutions that removes attachments entirely, solutions that detach the attachment and move it to a place where it can be accessed by a link in the email, or solutions that change the extension of the file. I'd suggest the latter solution. If any .vbs, .bat, .exe [...etc] files are renamed to .oldextension.txt, everything is fine. You might want to combine this solution with a rule to filter anything along the lines of .jpg.vbs or the like (which is probably a virus). Remember - If you remove attachments or block emails, please send a message to the sender saying you did. This is business email. The $virus_of_the_month might have attached itself to the CEO's quarterly fiscal report.

    That being done, then run all emails through a virus scanner. Again, if you detect a virus, mail the sender explaining what you did and what virus was detected. [Btw, put in a disclaimer - some viruses send out false 'from' addresses in their headers]

    That should filter incoming email without a problem. For shares, there are scanners that will integrate themselves with Samba, which will scan files whenever they are changed. I have not seen any real-time scanning solution for other file shares methods though.

    If anyone has some more information, please drop an email to dasunt[at]hotmail[dot]com. If I use the information, I'll credit you.