Date:      Wed, 23 Mar 2016 18:46:06 +0700
From:      Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>
To:        questions@freebsd.org
Subject:   Re: Anti-virus for FreeBSD
Message-ID:  <wu7io0dzabl.fsf@banyan.cs.ait.ac.th>
In-Reply-To: <CALfReyd21HiKFDqToV9DOJSFbUpptaOBF4cTi_N8pZSh=fDCqw@mail.gmail.com> (message from krad on Wed, 23 Mar 2016 10:16:26 +0000)

True,

> In terms of mail you are not limited to unix based solutions. Exim for
> example has the ability to pass the mail to a host:port for scanning. That
> means you are not limited via os and therefore av vendor.

And Amavis can do that too. But I would prefer to avoid that because:

- it's one more system to manage, update, etc. Even more, a different
  system.

- sending the mail body through the net is less efficient than sending
  it through a Unix socket (if the AV is on the same machine).

best regards,

Olivier

> On 23 March 2016 at 06:01, Wayne Sierke <ws@au.dyndns.ws> wrote:
>
>> On Tue, 2016-03-22 at 09:07 +0000, krad wrote:
>>
>> > Other than that clamav
>> > is good enough.
>>
>> I'm curious as to whether that's an objective or subjective view?
>>
>> I've got clam-av set up on a couple of mail boxes scanning incoming
>> messages and find a worrying amount of viral content still gets
>> through. Even after submitting false-negative reports, manual tests
>> conducted (days!) later have failed to detect them.
>>
>> To be fair, some of that also fails to be detected initially by
>> commercial AV scanners on MS Windows. However in one instance, for
>> example, one AV provider had an update deployed and distributed less
>> than two hours after they were notified.
>>
>> I've submitted suspect attachments to the Virus-Total web site to find
>> that it was already submitted previously, sometimes long ago, and clam-
>> av is listed with a negative detection result.
>>
>>
>
>

-- 


