Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Antivirus Options for a Mailserver?

Posted by Cliff on from the remember-when-email-viruses-were-a-myth dept.

CSIP asks: "I am setting up a small mailserver, with ~500 users, across 80 domains. I'm planning to use qmail-scanner and an antivirus scanner to block incoming viruses. I would prefer to use ClamAV, however I've read conflicting reports on its effectiveness. The commercial scanners appear to detect 99.X% however they are licensed per-user, which at 500+ users becomes quite the annual bill. What is everyone's experience with ClamAV? Are their other commercial scanners that allow you to license on a per-server basis?" The best indicator of quality for a virus scanner is the information in its virus database. How do ClamAV's virus definitions compare to commercial scanners, like McAfee's?

3 of 91 comments (clear)

  1. there's always the blowtorch on an ant method! by Anonymous Coward · · Score: 3, Insightful
    The Blowtorch on an Ant method: Block all email with attachments.

    Now, granted, with 500 users, I'm going to assume that is not an option for you as people likely send files back and forth via email quite often.

    Still, I just wanted to point out that blocking email with attachments is probably the most effective antivirus option for a mailserver, though certainly not the best solution.

    1. Re:there's always the blowtorch on an ant method! by cybermace5 · · Score: 5, Insightful

      Do it. Then set up a simple web-based upload/download site using PHP. This is more efficient because the attachment doesn't need to be encoded for mailing, and gets around any attachment size limits for various users.

      It's extremely easy to do, and you could even set it up so that each uploaded file gets a little key so only the intended recipient can get it. The uploader script will automatically send an email to the desired recipient, containing a URL with the unique key embedded. Having all of the files stored on the server like that will probably cut down on all the inappropriate files too.

      Solution should take no more than three PHP files of 100 or less lines each.

      --
      ...
  2. something to check for in your AV scanner by Tumbleweed · · Score: 3, Insightful

    Make sure your mail-server-based AV scanner can check inside attachments that are archives (zip, etc.), and not just individual documents. Many of the latest attachment-based viruses reside inside compressed archives. Also make sure it can tell the difference between an attached file's extension, and it's real format, as sometimes they're sent out with deliberately-incorrect file extensions to get around the more stupid AV scanners.