Open Source AV Proxies and Network Scanners?
Zphbeeblbrox asks: "Our company is looking to set up a central proxy/gateway for several of our networks. We would like to investigate some of the open source antivirus proxy solutions and antiviral network scanning; however, the information we have on them is rather sketchy. Have any of you had experience setting up DansGuardian with the Clam-AV plugin or similar solutions? Additionally, the mail proxy with Clam-AV solutions? If you have, what advice and recommendations would you have for us? Do they work, and should we consider using something like snort-inline to scan our network traffic for viruses? I have found little by way of comparisons or reviews on them, so I'm hoping you will be able to share some of your experiences on their effectiveness."
I have ASSP; it integrates with the ClamAV database. World-wide stats as well as my own stats indicate it's blocking viruses. Though I still have some viruses get picked up by my Exchange server, a very large number are blocked.
Since I have separate AV on my Exchange server, and had it before the ClamAV integration with ASSP, I never bothered to troubleshoot why ASSP misses some of the viruses that it should be catching.
So based on this, I can't say I'd use it as my only mail AV solution, but then again I haven't tried to either.
ClamSMTP is what I use. Nice, light and efficient. It does transparent proxying if you need that too.
http://memberwebs.com/nielsen/software/clamsmtp/
Clam AV seems to be the biggest one out there, but if you're using POP3, P3Scan is worth a try...
We are planning a Squid implementation to proxy web traffic and there are add-ons to scan for viruses, popups, etc. I can't say how well that works just yet, but I'm very confident it will do the job admirably.
Clamav rocks for me on the mail side. Postfix, Amavisd-new, Clamav, SpamAssassin combine to form a very efficient virus and spam filtering/classifying system.
Get them here:
Postfix
Amavisd-New
Clam antivirus
SpamAssassin at CPAN
You would be particularly interested in header_checks, mime_header_checks and body_checks for Postfix.
Yes, they are VERY effective.
First, as far as email is concerned (one of the largest sources of malware), if you reject certain file types such as exe, vbs, hta, bat, pif, com, cmd, etc., most viruses just bounce off the mail server outright.
Second, using SpamAssassin and common RBLs to block dynamic IP space and known compromised machines, you cut down on another large hunk of crap (both malware and spam).
ClamAV does a great job on modern viruses. Commercial products have large databases of ancient viruses that died out years ago, so counting the size of the database is pointless.
DansGuardian can handle filtering nicely, and yes, you can run ClamAV with it. However, this isn't going to cut down on spyware much (if that is your goal).
Keep in mind that this setup can have a pretty significant performance impact, although you will only be scanning "download" file types for the most part.
Getting off IE / outlook is your best line of defense frankly, since they are the most targeted apps.
Snort does just fine at detecting probes and compromised machines (by their network activity), and with some scripting and proper network hardware, you can isolate a compromised machine almost instantly before it causes much damage.
But again, the best thing is to try it. We don't know your detailed requirements, or the details of your network. Nobody can tell you for sure whether this solution is right for you.
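The attachment-type rejection described in the post above (and the Postfix header_checks/mime_header_checks mentioned earlier) boils down to one check: look at each MIME part's declared filename and refuse the message if the final extension is on a blocklist. The following is an added example, not code from the original thread or from Postfix; it implements that same check in Python's standard `email` library so the logic can be tested offline, with a constructed sample message and a constructed blocklist.

```python
import email
from email import policy

# Constructed blocklist, taken from the extensions the post suggests bouncing.
BLOCKED_EXTENSIONS = {"exe", "vbs", "hta", "bat", "pif", "com", "cmd", "scr"}


def blocked_attachments(raw_message: bytes) -> list:
    """Return the names of MIME parts whose final extension is blocklisted.

    Mirrors what a Postfix mime_header_checks rule inspects: the filename=
    parameter of Content-Disposition, falling back to name= of Content-Type.
    The comparison is case-insensitive and trailing dots/spaces are stripped,
    because Windows drops those when saving, so "Invoice.PDF.Exe." is still
    an executable on the desktop that receives it.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()  # checks Content-Disposition, then Content-Type
        if not name:
            continue
        cleaned = name.rstrip(". ")
        ext = cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def accept_message(raw_message: bytes) -> bool:
    """Policy decision equivalent to a Postfix REJECT: any hit rejects."""
    return not blocked_attachments(raw_message)


# Constructed sample: a double-extension attachment with a trailing dot.
SAMPLE_BAD = b"""From: sender@example.com
To: staff@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please see attached.
--XYZ
Content-Type: application/octet-stream; name="Invoice.PDF.Exe."
Content-Disposition: attachment; filename="Invoice.PDF.Exe."

(binary omitted)
--XYZ--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE_BAD), accept_message(SAMPLE_BAD))
```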
That's the combo we're using to filter all messages for a school district (1600 staff accounts, roughly 8000 student accounts, approx. 15 domains). One server handles all incoming and outgoing mail, and then it sends the messages off to the appropriate mail server. It blocks approx. 30,000 viruses and 120,000 spam messages each month. The server is a dual-Athlon-MP 2200+ with 3 GB RAM and 400 GB HD in RAID5 running FreeBSD 5.
Configuration was simple, administration is even simpler.
Looking at possibly adding dspam into the mix.