Supported Antivirus Consideration & Question

Request and discuss new features you would like to have.
Post Reply
nicola.piazzi
Posts: 266
Joined: 23 Apr 2015 09:45

Supported Antivirus Consideration & Question

Post by nicola.piazzi » 10 Jan 2019 09:18

I worked to find supported antivirus that can be used with EFA MailScanner and found that we have these 3 products

1 Clam that is included
2 Sophos 4 Linux that is free
3 Esets that have little fee about 100$ year

Clam is invoked using daemon that already have patterns in memory, so it doesnt use relevant cpu to scan messages
Sophos uses about 7 secs of cpu to load patterns for each message to scan
Esets uses about 4 secs of cpu to load patterns for each message to scan

So I found that using only Clam machine is very reactive and able to process tons of messages / day

Now it will be useful to find a daemon mode like Clam to have preloaded pattern for other AV

Sophos seems to be impossible, perhaps this can be done by sophossavi that seems no more working (32 bit arch)
Esets can be dome using esets_cli instead esets_scan, but it isnt support by MailScanner wrappers.

Another way can be to scan ONLY messages that have attachments, but I havent found a directive to do this
Someone have an idea about this ?

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Supported Antivirus Consideration & Question

Post by henk » 10 Jan 2019 11:28

Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/Mailwatch/MailsScanner, as it's a hell of off a job and there must be somesort of balance between EFA, work, sleep, eat, family.
Take a look at the near future: https://github.com/MailScanner/v5/tree/ ... er/wrapper

P.S.
I temporarily disabled Sophos, since it's disfunctional since Dec 2018, and you mentioned AVG had the same issue.

User avatar
shawniverson
Posts: 2766
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: Supported Antivirus Consideration & Question

Post by shawniverson » 12 Jan 2019 01:52

henk wrote:
10 Jan 2019 11:28
Hi Nicola,

let's hope Shawn can manage to spend time to work on the new EFA/Mailwatch/MailsScanner, as it's a hell of off a job and there must be somesort of balance between EFA, work, sleep, eat, family.
Balance? :lol: :lol: :lol: :lol:
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

nicola.piazzi
Posts: 266
Joined: 23 Apr 2015 09:45

Re: Supported Antivirus Consideration & Question

Post by nicola.piazzi » 22 Jan 2019 08:40

Hi,
I tested these 3 supported antivirus whith these results :
Cattura.PNG
Cattura.PNG (10.33 KiB) Viewed 927 times
We can say that we can exclude Esets also because we need to pay it
We can retain only Clam and Sophos that are free and have a good detection rate

Clamd is good because we dont use cpu using daemon
Unfortunately sophos uses 7secs of cpu 4 each message because is a standalone module

This cam be corrected using sophossavi that act as clamd and can transform Efa box into a dounble antivirus system that doesnt need cpu and that have an higher messages throughput.

So i can correct my efa machine from 12 cpu at now to a box with 2 or 4 cpu.

Now the problem is how to install Sophos Savi ? Someone is able to do this ? I Downloaded SAVI PERL 030 but I am unable to compile it

https://metacpan.org/pod/SAVI

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Supported Antivirus Consideration & Question

Post by henk » 28 Jan 2019 22:03

Hi Nicola,

I did find some info about SAVI on page 81 https://s3.amazonaws.com/msv5/docs/ms-admin-guide.pdf

Seems you need a valid User and Password to get the files needed. It does give some additional info that could be usefull

You could download the evaluation of Sophos for Linux to test performance ( see install link below)

https://englanders.us/~jason/howtos.php?howto=sophie

ovizii
Posts: 445
Joined: 11 May 2016 08:08

Re: Supported Antivirus Consideration & Question

Post by ovizii » 19 Feb 2019 11:12

Not trying to hijack your thread just some input: we are also using the free sophos version and have bought additional AV definitions for clamav:

securiteinfo - roughly 30€ / year for their professional subscription and
malwarepatrol - roughly 40€ / year

This and using clamav-unofficial-sigs with their free additional sources makes us feel quite safe although we do have the occasional virus slip through.

I was recently looking for additional AV solutions and found this, have a look if its suitable for EFA: http://www.zonerantivirus.com/stahnout? ... at&arch=32

(I basically checked out virustotal and their list of scanners then went to find one that had a free linux version :-)

henk
Posts: 359
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: Supported Antivirus Consideration & Question

Post by henk » 19 Feb 2019 12:44

Hi ovizii, thanks for the input, as any enhancement will benefit EFA.
The issue with additional scanners is the intergration with EFA/Mailwatch/MailScanner.

As EFA3 is EOL, I just focus on EFA4 and monitor the ongoing development and additional scanner intergration.
https://github.com/MailScanner/v5/blob/master/changelog
https://github.com/mailwatch/MailWatch/ ... ANGELOG.md

The major change is the MailScanner Milter project, as it decouples MailScanner from Postfix.
From the documentation:
A future version of the milter may support “Full Milter Scanner” mode in which traditional MailScanner is turned off and the Milter does all scanning, returning REJECTS and TMPFAILS at the expense of sacrificing bulk scanning for those who need this functionality and have lighter workloads.
To speed up the transition to EFA4, it would be great if more members could test the new EFA version or at least help with translations.
It's a small offer compaired to the massive effort of the EFA/Mailwatch/MailScanner teams to get the job done. :thumbup:

Post Reply