Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Antivirus Options for a Mailserver?

Posted by Cliff on from the remember-when-email-viruses-were-a-myth dept.

CSIP asks: "I am setting up a small mailserver, with ~500 users, across 80 domains. I'm planning to use qmail-scanner and an antivirus scanner to block incoming viruses. I would prefer to use ClamAV, however I've read conflicting reports on its effectiveness. The commercial scanners appear to detect 99.X% however they are licensed per-user, which at 500+ users becomes quite the annual bill. What is everyone's experience with ClamAV? Are their other commercial scanners that allow you to license on a per-server basis?" The best indicator of quality for a virus scanner is the information in its virus database. How do ClamAV's virus definitions compare to commercial scanners, like McAfee's?

6 of 91 comments (clear)

  1. You'd be better off... by Ophidian+P.+Jones · · Score: 3, Informative

    Using a fuzzy checksum tool like DCC to block similarly worded messages. It will catch both spams and viruses.

    Most viruses spread so quickly that the AV tools' databases are inevitably out of date and ineffective.

  2. ClamAV vs. Commercial by OneFix+at+Work · · Score: 4, Informative

    There's a good post detailing the ClamAV vs. Commercial question...

    To paraphrase, ClamAV's database is generally at least a few days ahead of sophos and sometimes weeks...

    ClamAV was written from the ground-up to do mail scanning, so it should be better than commercial scanners that try to be everything to everyone...

  3. Works well with qmail-scanner (thumbs up) by Penis_Envy · · Score: 2, Informative

    Using clamAV in combination with qmail (using qmail-scanner and the qmail-queue patch) on a debian box. It's caught a bunch of viruses (most recently all of these stupid doom variants), though I don't know how quickly the definitions are updated. I would imagine that is where the concern would be. I also wouldn't know if viruses made it through, as I run linux on my workstations/laptop. I only installed clamAV to help protect others using my mail server. I haven't heard any complaints so far, though.

  4. Re:Clam by phoenix_rizzen · · Score: 2, Informative

    The current database scans for more than 20,000 viruses and variants.

  5. Re:Mostly works. by Yottabyte84 · · Score: 2, Informative

    I run clamd under daemontools. Crashes take it down for a few seconds at most. Check out this guide

  6. Using both Clam and Sophos.. by martin · · Score: 2, Informative

    on my mailgateway, as they both can miss the odd one.

    I tend to find Clam updates faster, but Sophos's updates need less corrections..

    I glue them together with MailScanner (www.mailscanner.info) which also allows men to pop in SpamAssassin to the mix.

    On the desktop I use Norton's AV solution so give me a third layer of defence..

    Belt and braces.....