On Sep 10, 2004, at 09:33, Stelian wrote:
Please help me, i have a very urgent problem. I must provide a virus free mail service for my employer, and I must do it fast or my job is on the line :) We curently have about 6 POP3 acounts stored on our ISP server. The viral trafic (incoming, of course) on them is very high, up to the point where we cannot longer use them. My task is to provide some kind of filtering server, to keep the viri out using a free antivirus like Clamav. Idealy, the server would work like this: continuously fetch the mail from the external servers, delete the infected messages, and keep a IMAP accesible local copy of the good messages. The computers on the local network will be configured to get their mail from the local server. I cant use something like P3Scan, or any type of "on acces" transparent POP proxy because: - it must be installed on the router/firewal, and i have no access to it (it's a hardware model) - it would slow the access to the mail because the viral trafic is probably 97% of all mail trafic.
Any input is wellcomed.
What you suggest doing is a poor solution, difficult to manage and control and the resulting delay woud make retrieving mail unbearable since all filtering would be done client side (not recommended).
This is what I propose as an effective solution.
1) Provide mail accounts in-house. (Postfix/Cyrus can provide IMAP/POP3 mail)
2) Install amavis-new, ClamAV, Spam Assassin and configure them to filter spam and virii
I use a hardware firewall routing device (Sonic Wall TZ-170) and it has built-in (buy option) features for Anti-Virus which I don't use since I use use the mentioned configuration.
I can honestly say I have had no intrusions or virii pass through, all mail is scanned twice, once by clamd and if it detects anything suspicious it saves it and then processes again using clamscan which has more stringent parameters.
So the level of protection is significantly higher based on this setup.
While there are those who believe that clamd isn't finding anything, they are wrong, I have followed a virii mail using gdb and found that while the notification e-mail always claims that clamscan found it, if clamd didn't detect it it wouldn't get passed to clamscan.
clamscan in this case is a secondary detection service but is authoratative and has the final word cause amavis doesn't list all of the software that detected a problem, only the last process used.
While my prefered OS is Mac OSXS (Darwin/FreeBSD), I have successfully installed this configuration using my own install guide on other Linux/Unix variants without any problems.
The actual amount of work involved is actually quite minimal, I have provided the author my Mac install guide and additional scripts to aid in the support of this software and I believe it may be included in future releases which can assist other OS users make the install painless.
My only complaint about any of this software is that amavis-new and SpamAsassin are perl based but since I didn't write it, I use it as it is while I consider converting it over to C as a standalone app breaking away from the perl dependancies.
-- Dale
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
