Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source AV Proxies and Network Scanners?

Posted by Cliff on from the network-wide-virus-innoculations dept.

Zphbeeblbrox asks: "Our Company is looking to set up a central proxy/gateway for several of our Networks. We would like to investigate some of the Open Source Antivirus Proxy solutions and AntiViral Network Scanning, however the information we have on them is rather sketchy. Have any of you had experience setting up DansGuardian with the Clam-AV plugin or similar such solutions. Additionally the mail proxy with Clam-AV solutions? If you have, what advice and recommendations would you have for us. Do they work and should we consider using something like snort-inline to scan our network traffic for viruses? I have found little by way of comparisons or reviews on them so I'm hoping you will be able to share some of your experiences on their effectiveness."

2 of 35 comments (clear)

  1. ClamAV as a daemon is easy to use by Bronster · · Score: 3, Interesting

    I use ClamAV both at work and home. It's great.

    My home setup is just a hosted VPS (previously a real box but I got tired of dealing with hardware issues) running email for myself and my family, plus a couple of mailing lists. I'm using amavis-new to apply both SpamAssassin and ClamAV to mails as a content_filter within Postfix.

    Work has to be much higher performance - we use a custom LMTP proxy written in Perl which calls out to the clamd clamav daemon and contains a SpamAssassin instance which has been a lot more seriously tuned. We also run local copies of many RBLs (you generally need to pay to do that, but it's worth it for the saved network traffic if you've got enough spam comming in!)

    Interestingly, I did some work on the lmtp proxy just last week so that even when the clamd is down (restarts, etc) it will fall back to calling out to 'clamscan' directly on the spool file and parsing the output.

    So yes, especially since ClamAV 0.8, it's been very nice and easy to use - the mail scanning is reliable (haven't had a single virus get through into my mail, but I get around 30-50 virus notifications a day from it - I could probably turn them off, but it's nice to see what sort of traffic is floating around).

    Bron.

  2. Questions. by FreeLinux · · Score: 2, Interesting

    I'd have to ask, what size company are we talking about? What is the present and immediate future computing environment? Most of the answers that you'll see here are going to be from home users or REALLY small shops.

    I haven't used Dan's Guardian as yet. So far, most companies that I have seen that want content control are medium sized(100 users and up). The majority of these are Windows shops so the use MS ISA/Symantec, Novell BorderManager/eTrust, or some hardware based firewall/proxy/filter for content control. They "can't be bothered" with hacking together their own solution.

    I have numerous smaller companies(100 users) using Squid/ClamAV to protect the surfers and Postfix/ClamAV to protect the email with stellar results. Both solutions work well, are very fast and would likely scale to much higher loads if given the chance. I see no reason to doubt the capabilities of Dan's Guardian either, I just haven't used it in a corporate environment. But, with Dan's Guardian, the antivirus protection is actually from Squid/ClamAV which works great.