Open Source AV Proxies and Network Scanners?
Zphbeeblbrox asks: "Our Company is looking to set up a central proxy/gateway for several of our Networks. We would like to investigate some of the Open Source Antivirus Proxy solutions and AntiViral Network Scanning, however the information we have on them is rather sketchy. Have any of you had experience setting up DansGuardian with the Clam-AV plugin or similar such solutions? Additionally, the mail proxy with Clam-AV solutions? If you have, what advice and recommendations would you have for us? Do they work and should we consider using something like snort-inline to scan our network traffic for viruses? I have found little by way of comparisons or reviews on them so I'm hoping you will be able to share some of your experiences on their effectiveness."
I have ASSP, it integrates with the ClamAV database. Worldwide stats as well as my own stats indicate it's blocking viruses. I still have some viruses get picked up by my Exchange server; however, there are a very large number blocked.
Since I have separate AV on my Exchange server, and had it before the ClamAV integration with ASSP, I never bothered to troubleshoot why ASSP misses some of the viruses that it should be catching.
So based on this, I can't say I'd use it as my only mail AV solution, but then again I haven't tried to either.
I use ClamAV both at work and home. It's great.
My home setup is just a hosted VPS (previously a real box but I got tired of dealing with hardware issues) running email for myself and my family, plus a couple of mailing lists. I'm using amavis-new to apply both SpamAssassin and ClamAV to mails as a content_filter within Postfix.
Work has to be much higher performance - we use a custom LMTP proxy written in Perl which calls out to the clamd clamav daemon and contains a SpamAssassin instance which has been a lot more seriously tuned. We also run local copies of many RBLs (you generally need to pay to do that, but it's worth it for the saved network traffic if you've got enough spam coming in!)
Interestingly, I did some work on the lmtp proxy just last week so that even when the clamd is down (restarts, etc) it will fall back to calling out to 'clamscan' directly on the spool file and parsing the output.
So yes, especially since ClamAV 0.8, it's been very nice and easy to use - the mail scanning is reliable (haven't had a single virus get through into my mail, but I get around 30-50 virus notifications a day from it - I could probably turn them off, but it's nice to see what sort of traffic is floating around).
Bron.
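The clamd-then-clamscan fallback described in the post above, sketched as an added example in Python; it is not the poster's Perl proxy. The socket path, the function names and the final "tempfail" verdict (defer the message when neither scanner answers) are assumptions of this example.

```python
import socket
import struct
import subprocess

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # assumed path; set to your LocalSocket

def parse_verdict(line):
    """Map '<name>: OK' or '<name>: <signature> FOUND' to a verdict tuple."""
    _, sep, result = line.strip("\0\r\n ").rpartition(": ")
    if sep and result == "OK":
        return ("clean", None)
    if sep and result.endswith(" FOUND"):
        return ("infected", result[: -len(" FOUND")])
    raise RuntimeError("unrecognised scanner reply: %r" % line)

def scan_clamd(path, sock_path=CLAMD_SOCKET):
    """Stream the spool file to clamd with INSTREAM (length-prefixed chunks)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s, open(path, "rb") as f:
        s.settimeout(30)
        s.connect(sock_path)
        s.sendall(b"zINSTREAM\0")
        while chunk := f.read(65536):
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
        return parse_verdict(s.recv(4096).decode("utf-8", "replace"))

def parse_clamscan(returncode, stdout):
    """clamscan exits 0 (clean), 1 (virus found) or 2 (error)."""
    lines = stdout.strip().splitlines()
    if returncode not in (0, 1) or not lines:
        raise RuntimeError("clamscan failed, exit status %d" % returncode)
    verdict = parse_verdict(lines[-1])
    if (verdict[0] == "infected") != (returncode == 1):
        raise RuntimeError("clamscan output and exit status disagree")
    return verdict

def scan_clamscan(path):
    p = subprocess.run(["clamscan", "--no-summary", "--stdout", path],
                       capture_output=True, text=True, timeout=300)
    return parse_clamscan(p.returncode, p.stdout)

def scan_with_fallback(path, primary=scan_clamd, fallback=scan_clamscan):
    """Try clamd first, then clamscan; if neither gives a verdict, tempfail."""
    for scanner in (primary, fallback):
        try:
            return scanner(path)
        except (OSError, RuntimeError, subprocess.SubprocessError):
            continue
    return ("tempfail", None)  # fail closed: defer the mail, never pass it unscanned
```

A caller in an LMTP proxy would answer a "tempfail" verdict with a temporary 4xx reply so the sending MTA retries once a scanner is back.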
Clam AV seems to be the biggest one out there, but if you're using POP3, P3Scan is worth a try...