Supported Antivirus Consideration & Question

Posted: 10 Jan 2019 09:18
by nicola.piazzi
I worked to find supported antivirus products that can be used with EFA MailScanner and found that we have these 3 products:

1 Clam, which is included
2 Sophos for Linux, which is free
3 Esets, which has a small fee of about 100$ a year

Clam is invoked using a daemon that already has the patterns in memory, so it doesn't use any relevant CPU to scan messages
Sophos uses about 7 secs of CPU to load patterns for each message to scan
Esets uses about 4 secs of CPU to load patterns for each message to scan

So I found that using only Clam the machine is very reactive and able to process tons of messages / day

Now it would be useful to find a daemon mode like Clam's, to have preloaded patterns for the other AVs

Sophos seems to be impossible; perhaps this can be done by sophossavi, which seems to be no longer working (32 bit arch)
Esets can be done using esets_cli instead of esets_scan, but it isn't supported by the MailScanner wrappers.

Another way could be to scan ONLY messages that have attachments, but I haven't found a directive to do this
Does someone have an idea about this?

Re: Supported Antivirus Consideration & Question

Posted: 10 Jan 2019 11:28
by henk
Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/MailWatch/MailScanner, as it's a hell of a job and there must be some sort of balance between EFA, work, sleep, eat, family.
Take a look at the near future: https://github.com/MailScanner/v5/tree/ ... er/wrapper

P.S.
I temporarily disabled Sophos, since it's been dysfunctional since Dec 2018, and you mentioned AVG had the same issue.

Re: Supported Antivirus Consideration & Question

Posted: 12 Jan 2019 01:52
by shawniverson
henk wrote:
10 Jan 2019 11:28
Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/MailWatch/MailScanner, as it's a hell of a job and there must be some sort of balance between EFA, work, sleep, eat, family.
Balance? :lol: :lol: :lol: :lol:

Re: Supported Antivirus Consideration & Question

Posted: 22 Jan 2019 08:40
by nicola.piazzi
Hi,
I tested these 3 supported antivirus products with these results:
[Image attachment: Cattura.PNG]
We can say that we can exclude Esets, also because we need to pay for it
We can retain only Clam and Sophos, which are free and have a good detection rate

Clamd is good because we don't use CPU when using the daemon
Unfortunately Sophos uses 7 secs of CPU for each message because it is a standalone module

This can be corrected using sophossavi, which acts like clamd and can transform the EFA box into a double antivirus system that doesn't need CPU and that has a higher message throughput.

So I can correct my EFA machine from 12 CPUs now to a box with 2 or 4 CPUs.

Now the problem is how to install Sophos SAVI. Is someone able to do this? I downloaded SAVI PERL 030 but I am unable to compile it

https://metacpan.org/pod/SAVI

Re: Supported Antivirus Consideration & Question

Posted: 28 Jan 2019 22:03
by henk
Hi Nicola,

I did find some info about SAVI on page 81: https://s3.amazonaws.com/msv5/docs/ms-admin-guide.pdf

It seems you need a valid user and password to get the files needed. It does give some additional info that could be useful.

You could download the evaluation of Sophos for Linux to test performance (see install link below)

https://englanders.us/~jason/howtos.php?howto=sophie