From: Olivier Nicole
To: questions@freebsd.org
Subject: Re: Anti-virus for FreeBSD
In-Reply-To: (message from krad on Wed, 23 Mar 2016 10:16:26 +0000)
Date: Wed, 23 Mar 2016 18:46:06 +0700

True,

> In terms of mail you are not limited to unix based solutions. Exim for
> example has the ability to pass the mail to a host:port for scanning. That
> means you are not limited via os and therefore av vendor.

And Amavis can do that too. But I would prefer to avoid that because:

- it's one more system to manage, update, etc. Even more, a different
  system.

- sending the mail body through the net is less efficient than sending
  it through a Unix socket (if the AV is on the same machine).

best regards,

Olivier

> On 23 March 2016 at 06:01, Wayne Sierke wrote:
>
>> On Tue, 2016-03-22 at 09:07 +0000, krad wrote:
>>
>> > Other than that clamav
>> > is good enough.
>>
>> I'm curious as to whether that's an objective or subjective view?
>>
>> I've got clam-av set up on a couple of mail boxes scanning incoming
>> messages and find a worrying amount of viral content still gets
>> through. Even after submitting false-negative reports, manual tests
>> conducted (days!) later have failed to detect them.
>>
>> To be fair, some of that also fails to be detected initially by
>> commercial AV scanners on MS Windows. However in one instance, for
>> example, one AV provider had an update deployed and distributed less
>> than two hours after they were notified.
>>
>> I've submitted suspect attachments to the Virus-Total web site to find
>> that it was already submitted previously, sometimes long ago, and
>> clam-av is listed with a negative detection result.