AV scanning choices/methods

Folks,

After reading a lot of the posts/documentation on the topic, I am attempting to sort through the choices on virus scanning methods available for a JES instance. In my case, ver 6.2-7.05.

Here are some questions:

Q: It looks like ClamAV is a good choice and it is apparently easy to do a channel integration with it, right?

Q: Does the "libclamav.so" library, now available in the recent JES release, allow one to integrate ClamAV directly into the MTA without a middle piece of software such as Amavis? If so, is this documented somewhere?

Document ID: 79481 (which is now several years old) indicates the need for amavisd-new to integrate clam-av scanning via a tcp_scan channel; however, the document also says "integration of clam-AV is open to discussion". Once again, the date of the doc is 2004.

I am familiar with, and am using, the Sophos virus scanner via sophie, using the multiscan.sh script, and we have a license for the defs. I have also used this with the iMS 5.2 MTA, so if the MTA integration to the sophos scanner is the same as clam-av, I am inclined to go with something I am familiar with.

Q: Can I assume that Clam-AV might plug into the MTA in a similar manner as listed in the admin guide (pg 451) with the below settings, or are these only specific to SAVSE?

! for Symantec Anti-virus Scan Engine
spamfilter1_config_file=/opt/SUNWmsgsr/config/SAVSE.opt
spamfilter1_library=/opt/SUNWmsgsr/lib/libicap.so
spamfilter1_optional=1
spamfilter1_string_action=data:,discard

!
! ims-ms
ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 4 pool IMS_POOL fileinto $U+$S@$D destinationspamfilter1optin virus
ims-ms-daemon

By goubeauxa at 2007-11-26 16:09:46
# 1

Hi,

> Q: It looks like ClamAV is a good choice and it is
> apparently easy to do a channel integration with it,
> right?

There are many factors to consider when implementing a virus scanning solution: cost, performance, reliability of product, number of updates etc.

ClamAV is a good start since it's free, not too much overhead, integrates cleanly, fairly regular updates.

> Q: Does the "libclamav.so" library, now available in
> the recent JES release, allow one to integrate ClamAV
> directly into the MTA without a middle piece of
> software such as Amavis? If so is this documented
> somewhere?

As of patch -58 for JES4 messaging server, libclamav.so is provided. Documentation is available in the next release's (6.3) messaging admin guide. The libclamav.so plugin communicates directly with clamd; no need for middleware.

> Document ID: 79481 (which is now several years old)
> indicates the need for amavisd-new to integrate
> clam-av scanning via a tcp_scan channel, however
> the document also says "integration of clam-AV is
> open to discussion". Once again the date of the doc
> is 2004.

Refer above.

> I am familiar with, and am using, the Sophos virus
> scanner via sophie, using the multiscan.sh script,
> and we have a license for the defs. I have also used
> this with the iMS 5.2 MTA, so if the MTA integration
> to the sophos scanner is the same as clam-av, I am
> inclined to go with something I am familiar with.

I used the Sophos/Sophie anti-virus scanning combination at my previous employer. I didn't use the multiscan.sh script but wrote a virus-scanning channel which communicated directly with sophie using the sophie libraries. The channel did other things, such as plugging into spamassassin for spam markup, plus stripping and replacing executable attachments. Performance was/is excellent. Unfortunately I can't supply the code and I no longer have access, sorry.

The integration with ClamAV is much simpler, and faster. Calling out to multiscan.sh script is expensive in comparison.

> Q: Can I assume that Clam-AV might plug into the MTA
> in a similar manner as listed in the admin guide (pg
> 451) with the below settings,
> or are these only specific to SAVSE?

You assume correctly. If you provide your email address I will send you a copy of the to-be-released integration notes. The only cost to you is feedback so any fixes that are needed can be integrated prior to releasing the final documentation :)

Shane.

shane_hjortha at 2007-7-8 22:32:05
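Added example (not part of the thread, and not the libclamav.so plugin's own code, which the thread does not show): what talking to clamd directly, without middleware, looks like on the wire, using clamd's documented INSTREAM command. The host, port 3310, chunk size, the `fail_open` flag and the `mta_action` mapping are assumptions of this sketch.

```python
import socket
import struct

def instream_frames(message: bytes, chunk: int = 4096):
    """Yield the frames a client writes to clamd for one INSTREAM scan."""
    yield b"zINSTREAM\0"                      # 'z' prefix: NUL-terminated command and reply
    for off in range(0, len(message), chunk):
        part = message[off:off + chunk]
        yield struct.pack("!I", len(part)) + part  # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)                # zero-length chunk ends the stream

def parse_reply(reply: bytes):
    """Map a clamd reply to (verdict, detail); anything unrecognised is an error."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    if text.endswith(" OK"):
        return ("clean", None)
    if text.endswith(" FOUND"):
        return ("infected", text[:-len(" FOUND")].split(": ", 1)[-1])
    return ("error", text or "no reply")

def mta_action(verdict: str, fail_open: bool) -> str:
    """Hypothetical policy mapping: what the mail path does with each verdict."""
    if verdict == "clean":
        return "deliver"
    if verdict == "infected":
        return "discard"                      # same action as the string_action line quoted above
    # Scanner unreachable or size limit hit: pass mail unscanned, or hold it for retry.
    return "deliver" if fail_open else "defer"

def scan(message: bytes, host: str = "127.0.0.1", port: int = 3310, timeout: float = 10.0):
    """Send one message to a clamd TCP listener (host and port are assumptions)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            for frame in instream_frames(message):
                s.sendall(frame)
            reply = b""
            while not reply.endswith(b"\0"):
                data = s.recv(4096)
                if not data:                  # clamd closed the connection early
                    break
                reply += data
    except OSError as exc:                    # refused, timed out, or reset mid-stream
        return ("error", str(exc))
    return parse_reply(reply)
```

The error branch is the part worth deciding up front: a scanner outage either lets unscanned mail through or queues everything until clamd is back.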
# 2

> There are many factors to consider when implementing
> a virus scanning solution: cost, performance,
> reliability of product, number of updates etc.
>
> ClamAV is a good start since it's free, not too much
> overhead, integrates cleanly, fairly regular updates.

It sounds adequate for my environment.

>

> As of patch -58 for JES4 messaging server,
> libclamav.so is provided. Documentation is available
> in the next release's (6.3) messaging admin guide.
> The libclamav.so plugin communicates directly with clamd;
> no need for middleware.

Excellent !!

>

> Q: Can I assume that Clam-AV might plug into the MTA
> in a similar manner as listed in the admin guide (pg
> 451) with the below settings,
> or are these only specific to SAVSE?
>
> You assume correctly. If you provide your email
> address I will send you a copy of the to-be-released
> integration notes. The only cost to you is feedback
> so any fixes that are needed can be integrated prior
> to releasing the final documentation :)

I am more than willing to pay this cost..!! (:

Please email to: goubeaux@education.ucsb.edu

thanks -john

>

> Shane.

goubeauxa at 2007-7-8 22:32:05
# 3
See http://forum.java.sun.com/thread.jspa?threadID=5107061 and article about SPAM/AV solutions http://blogs.sun.com/factotum/entry/spam%2C_spam%2C_spam%2C_spam...
Piotr_Berlinskia at 2007-7-8 22:32:05