Supported Antivirus Consideration & Question
I worked to find supported antivirus products that can be used with EFA MailScanner and found that we have these 3 products:
1. Clam, which is included
2. Sophos 4 Linux, which is free
3. Esets, which has a small fee of about 100$ a year
Clam is invoked using a daemon that already has patterns in memory, so it doesn't use relevant CPU to scan messages
Sophos uses about 7 secs of CPU to load patterns for each message to scan
Esets uses about 4 secs of CPU to load patterns for each message to scan
So I found that using only Clam, the machine is very reactive and able to process tons of messages / day
Now it would be useful to find a daemon mode like Clam's to have preloaded patterns for the other AVs
Sophos seems to be impossible; perhaps this can be done by sophossavi, which seems to be no longer working (32 bit arch)
Esets can be done using esets_cli instead of esets_scan, but it isn't supported by MailScanner wrappers.
Another way could be to scan ONLY messages that have attachments, but I haven't found a directive to do this
Does someone have an idea about this?
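Added example, not part of the original post and not MailScanner's own wrapper code: a minimal client for clamd's INSTREAM command, showing why the daemon costs almost no CPU per message (the signatures are already loaded, the client only streams bytes over a socket). The socket path and the function names are assumptions; take the path from LocalSocket in your clamd.conf.

```python
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.sock"  # assumption: see LocalSocket in clamd.conf
CHUNK = 8192


def instream_frames(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build an INSTREAM request: null-terminated command, then
    <4-byte big-endian length><data> chunks, then a zero-length terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(reply: bytes):
    """Map clamd's reply to (status, detail). Anything that is not an
    explicit OK or FOUND is an error; callers must not treat it as clean."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", ""
    return "error", text


def scan_bytes(data: bytes, path: str = CLAMD_SOCKET, timeout: float = 30.0):
    """Send one message to the running daemon and return its verdict.
    No signature database is loaded in this process."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            buf = s.recv(4096)
            if not buf:  # daemon closed the connection early
                break
            reply += buf
    return parse_reply(reply)
```
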
Re: Supported Antivirus Consideration & Question
Hi Nicola,
Let's hope Shawn can manage to spend time to work on the new EFA/Mailwatch/MailScanner, as it's a hell of a job and there must be some sort of balance between EFA, work, sleep, eat, family.
Take a look at the near future: https://github.com/MailScanner/v5/tree/ ... er/wrapper
P.S.
I temporarily disabled Sophos, since it's been dysfunctional since Dec 2018, and you mentioned AVG had the same issue.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Supported Antivirus Consideration & Question
Hi,
I tested these 3 supported antivirus products with these results: we can say that we can exclude Esets, also because we need to pay for it
We can retain only Clam and Sophos, which are free and have a good detection rate
Clamd is good because we don't use CPU when using the daemon
Unfortunately Sophos uses 7 secs of CPU for each message because it is a standalone module
This can be corrected using sophossavi, which acts like clamd and can transform the EFA box into a double antivirus system that doesn't need CPU and that has a higher message throughput.
So I can change my EFA machine from 12 CPUs now to a box with 2 or 4 CPUs.
Now the problem is how to install Sophos SAVI? Is someone able to do this? I downloaded SAVI PERL 030 but I am unable to compile it
https://metacpan.org/pod/SAVI
Re: Supported Antivirus Consideration & Question
Hi Nicola,
I did find some info about SAVI on page 81 https://s3.amazonaws.com/msv5/docs/ms-admin-guide.pdf
Seems you need a valid User and Password to get the files needed. It does give some additional info that could be useful
You could download the evaluation of Sophos for Linux to test performance (see install link below)
https://englanders.us/~jason/howtos.php?howto=sophie
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Supported Antivirus Consideration & Question
Not trying to hijack your thread, just some input: we are also using the free Sophos version and have bought additional AV definitions for clamav:
securiteinfo - roughly 30€ / year for their professional subscription and
malwarepatrol - roughly 40€ / year
This and using clamav-unofficial-sigs with their free additional sources makes us feel quite safe although we do have the occasional virus slip through.
I was recently looking for additional AV solutions and found this, have a look if it's suitable for EFA: http://www.zonerantivirus.com/stahnout? ... at&arch=32
(I basically checked out virustotal and their list of scanners, then went to find one that had a free Linux version)
Re: Supported Antivirus Consideration & Question
Hi ovizii, thanks for the input, as any enhancement will benefit EFA.
The issue with additional scanners is the integration with EFA/Mailwatch/MailScanner.
As EFA3 is EOL, I just focus on EFA4 and monitor the ongoing development and additional scanner integration.
https://github.com/MailScanner/v5/blob/master/changelog
https://github.com/mailwatch/MailWatch/ ... ANGELOG.md
The major change is the MailScanner Milter project, as it decouples MailScanner from Postfix.
From the documentation:
A future version of the milter may support “Full Milter Scanner” mode in which traditional MailScanner is turned off and the Milter does all scanning, returning REJECTS and TMPFAILS at the expense of sacrificing bulk scanning for those who need this functionality and have lighter workloads.
To speed up the transition to EFA4, it would be great if more members could test the new EFA version or at least help with translations.
It's a small offer compared to the massive effort of the EFA/Mailwatch/MailScanner teams to get the job done.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams