Supported Antivirus Consideration & Question

Request and discuss new features you would like to have.
Supported Antivirus Consideration & Question

Post by nicola.piazzi » 10 Jan 2019 09:18

I worked to find supported antivirus products that can be used with EFA MailScanner and found that we have these 3 products:

1. Clam, which is included
2. Sophos 4 Linux, which is free
3. Esets, which has a small fee of about 100$ a year

Clam is invoked using a daemon that already has patterns in memory, so it doesn't use relevant CPU to scan messages.
Sophos uses about 7 secs of CPU to load patterns for each message to scan.
Esets uses about 4 secs of CPU to load patterns for each message to scan.

So I found that using only Clam the machine is very reactive and able to process tons of messages / day.

Now it would be useful to find a daemon mode like Clam's to have preloaded patterns for the other AVs.

Sophos seems to be impossible; perhaps this can be done by sophossavi, which seems to be no longer working (32 bit arch).
Esets can be done using esets_cli instead of esets_scan, but it isn't supported by the MailScanner wrappers.

Another way could be to scan ONLY messages that have attachments, but I haven't found a directive to do this.
Does someone have an idea about this?
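
The daemon mode described in the post above, as an added example that is not part of the original thread and is not EFA or MailScanner code: a minimal client for clamd's INSTREAM command, which streams message bytes to the already-running daemon so that no signature database is loaded per message. The socket path is a placeholder and the function names are hypothetical.

```python
import socket
import struct

# Placeholder (assumption): use the LocalSocket path from your own clamd.conf.
CLAMD_SOCKET = "/path/to/clamd.sock"

def frame_instream(data: bytes, chunk_size: int = 8192) -> bytes:
    """Build a full INSTREAM request for clamd.

    Wire format: "zINSTREAM\\0", then chunks of <4-byte big-endian length><data>,
    ended by a zero-length chunk.
    """
    parts = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        parts.append(struct.pack("!I", len(chunk)) + chunk)
    parts.append(struct.pack("!I", 0))
    return b"".join(parts)

def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); anything unexpected is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return ("infected", text[:-len(" FOUND")].split(": ", 1)[-1])
    if text.endswith(": OK"):
        return ("clean", "")
    # Size-limit errors, truncated replies, empty replies: never treat as clean.
    return ("error", text)

def scan(data: bytes, path: str = CLAMD_SOCKET, timeout: float = 30.0):
    """Send one message to the running daemon and return its verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

# Constructed sample replies, in the shape clamd returns for INSTREAM.
if __name__ == "__main__":
    for sample in (b"stream: OK\0", b"stream: Eicar-Signature FOUND\0",
                   b"INSTREAM size limit exceeded. ERROR\0"):
        print(parse_reply(sample))
```

A caller on a mail gateway should hold or defer a message on the "error" verdict rather than deliver it unscanned.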

Re: Supported Antivirus Consideration & Question

Post by henk » 10 Jan 2019 11:28

Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/MailWatch/MailScanner, as it's a hell of a job and there must be some sort of balance between EFA, work, sleep, eat, family.
Take a look at the near future: https://github.com/MailScanner/v5/tree/ ... er/wrapper

P.S.
I temporarily disabled Sophos, since it's been dysfunctional since Dec 2018, and you mentioned AVG had the same issue.


Re: Supported Antivirus Consideration & Question

Post by shawniverson » 12 Jan 2019 01:52

henk wrote:
10 Jan 2019 11:28
Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/MailWatch/MailScanner, as it's a hell of a job and there must be some sort of balance between EFA, work, sleep, eat, family.

Balance? :lol: :lol: :lol: :lol:
Version eFa 4.0.0 RC2 now available in testing repo. Come join us in advancing eFa!


Re: Supported Antivirus Consideration & Question

Post by nicola.piazzi » 22 Jan 2019 08:40

Hi,
I tested these 3 supported antivirus products with these results:
[Attached image: Cattura.PNG]
We can say that we can exclude Esets, also because we need to pay for it.
We can retain only Clam and Sophos, which are free and have a good detection rate.

Clamd is good because we don't use CPU when using the daemon.
Unfortunately Sophos uses 7 secs of CPU for each message because it is a standalone module.

This can be corrected using sophossavi, which acts like clamd and can transform the EFA box into a double antivirus system that doesn't need CPU and that has a higher message throughput.

So I can correct my EFA machine from 12 CPUs as of now to a box with 2 or 4 CPUs.

Now the problem is how to install Sophos SAVI? Is someone able to do this? I downloaded SAVI PERL 030 but I am unable to compile it.

https://metacpan.org/pod/SAVI


Re: Supported Antivirus Consideration & Question

Post by henk » 28 Jan 2019 22:03

Hi Nicola,

I did find some info about SAVI on page 81 https://s3.amazonaws.com/msv5/docs/ms-admin-guide.pdf

Seems you need a valid User and Password to get the files needed. It does give some additional info that could be useful.

You could download the evaluation of Sophos for Linux to test performance (see install link below).

https://englanders.us/~jason/howtos.php?howto=sophie
