Antivirus 4 linux (again, didn't reach list)

Tobias Speckbacher tobias at quova.com
Mon May 3 20:38:42 UTC 2004 

I can only second that.

 

It is very easy to set up and amavid-new already ties into SpamAssassin so that's takes care of Spam as well.

amavisd-new already has a list of attachments you can block and you can add or remove to/from that list very easily.

Notification emails are also configured via amavid-new.

 

If you are going to configure spam filtering as well, consider installing Razor/DCC/Pyzor as well to aid SpamAssasin.

 

ClamAV from watching the logs updates daily if not more often. http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb

 

 

Offsite notification for infections is pretty much useless these days, the infected email hardly ever originates from the actual person owning the mailbox.

 

http://www.ijs.si/software/amavisd/ - Amavid site

http://www.postfix.org/documentation.html - postfix docs

http://www.clamav.net <http://www.clamav.net/>  - clamav

 

As a sample of files I block by default (pipe separated):

 

vbs|pif|scr|bat|com|exe|dll|ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|vbe|wsc|wsf|wsh

 

All my infected emails are quarantined and the receiving user in my domain is sent a notification, should there be a case where the email actually contains content of value it is easy enough to retrieve it from the quarantine location.

 

-Tobias

 

 

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Cyril Drouin - Bysoft
Sent: Monday, May 03, 2004 11:38 AM
To: 'General Red Hat Linux discussion list'
Subject: RE : Antivirus 4 linux (again, didn't reach list)

 

One of the solution :

 

postfix+amavisdnew+clamav.

 

I just built a new box like that this week-end. It works quite well.

 

Cheers,

 

Cyril

	-----Message d'origine-----
	De : redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] De la part de Crucificator
	Envoyé : lundi 3 mai 2004 19:58
	À : General Red Hat Linux discussion list
	Objet : Antivirus 4 linux (again, didn't reach list)

	Bare with me for a few seconds, I know this topic has been discussed but I
	need a few more details that didn't got touched by previous postings.
	So mainly I need an av solution for e-mail scanning on mail server. BUT...
	:)
	I need to know what is your experience on dealing with mail attachments:
	1. forbidding extensions
	2. automatic deletion of attachments infected or that come in conflict with
	no.1
	3. Creating new mail for user with formerly infected message as attachment
	and with body containing message like "Infected mail received from <>"
	4. Auto-replying ONLY with verification of mail sender with mail like: "We
	received infected mail from address <>"
	
	10ks in advance
	
	P.S. Must be free, with as much sig. updates as possible

	 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-list/attachments/20040503/29b49cf8/attachment.htm>

More information about the redhat-list mailing list