[Mimedefang] Which AV package are most people using with MimeDefang?

jmiller at purifieddata.net jmiller at purifieddata.net
Wed Oct 23 12:52:01 EDT 2002


On Wed, 23 Oct 2002, David F. Skoll wrote:

> On Wed, 23 Oct 2002, Nels Lindquist wrote:
>
> > You might want to look at H+BEDV Antivir (http://www.hbedv.com).
>
> Has anyone tried this experiment?
>
> - Install ClamAV with the clamd daemon and freshclam.
> - Block all the dangerous extensions with MD.
> - Wait a month or two and see if *anything* gets past that would have
>   been trapped by a commercial virus scanner.
>
> I have my doubts.  I think the (commercial) virus-scanning industry is
> a big ripoff, and MD's default filter in combination with clamd is
> probably every bit as good as a commercial package.
>
> If I'm wrong, however, I'd be interested to hear about it.
>
> --
> David.

I don't do much file extension blocking, but have been using MD and clamd
for about a month for one of my clients.
His setup:
     Internet
        |
     MD + clamd + SA on FreeBSD box
        |
     Norton Antivirus Mail Gateway on Win2k
        |
     Final Destination mail server (there are several, each hosting a
handful of domains)

When it was first installed, I just ran spamassassin (had to make sure
it'd keep up w/ his flow of e-mail). It's not that beefy of a box (athalon
1600 + 512mb ram), but it's been handling 50-80k msgs/day just fine.
File::Scan was added in, and it did ok, but some viruses would
occasionally sneak through. Moved to clamd, performance seemed much
better. Bugbear slipped through a few times, especially when it first
started hitting people, but was caught by Norton.
Nothing has been detected by Norton since those few bugbears though. I
have a feeling Norton has a lot more virus definitions, and there's
probably a bunch that aren't in circulation that clamd doesn't protect
against but Norton does, but I have no evidence of this.

Anyway, it seems to be doing the job quite well, and I'd recommend it
(with an I guarentee nothing disclaimer, of course :-)

Just FYI, the norton antivirus mail gateway was setup before I got there,
so we left it in the mix, and it'll probably stay there until he's both
satisfied that clamd is doing it's job, and his Norton license expires.


Feel free to check back w/ me in a month for info on a two month test :-)

--
Josh I.




More information about the MIMEDefang mailing list