ClamAV Feedback was (RE: Sendmail Milter Question)

Rick Stevens rstevens at vitalstream.com
Sat Oct 23 00:20:06 UTC 2004 

Yang Xiao wrote:
> Hi,
> Is anyone using ClamAV in a production environment? How does it stack
> up against the commecial Anti-Virus programs such as symantec etc... I
> want to setup and spam filter with vuirus scan on FC2, but have some
> reservations on using a free software antivirus product because I have
> no idea whether their virus defnitions are good and up to date.
> Many Thanks,

I use ClamAV in a fairly large production environment (three outgoing
servers, four incoming servers) serving 10,000 domains and 120,000
accounts.

I currently have ClamAV 0.80j running along with automatic freshclam
updates and clamd.  Each server has its own copy of clamd so they don't
cross-pollinate, but a single clamd on a main server was also used.  In
general, we handle between 6M and 12M messages a day (yes, that's
"million" with an "m").  This is all done with open-source software
(sendmail, procmail, ClamAV, OpenLDAP) and one custom-written package on
P4 SMP FC1 machines.  We intend to move to FC2 fairly soon, and possibly
on SMP Opterons if I can convince the "powers that be" that it would be
a "good thing".

For the most part, I'm very happy with ClamAV.  One of the fun things
to do is watch the logs roll by and grep for "detected".  It's
frightening how many worms and virii attempts go on.  We average about
100 attempts per hour--more if a new variant comes out. Yes, ClamAV
gets a workout with us and it's not failed yet.  I give ClamAV my vote.

For spam, take a look at Bogofilter.  I've found that things such as
spam-asassin don't scale well when you have traffic levels like we do
(perl-based code just isn't fast enough in our experience).
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-                       When in doubt, mumble.                       -
----------------------------------------------------------------------

More information about the fedora-list mailing list