Linux - Server: This forum is for the discussion of Linux Software used in a server related context.
I'm currently using ClamAV along with postfix and clamsmtp, but it uses a lot of ram. Right now it's using 73MB rss, and my mail server barely has any traffic. Is there anything else out there that is lighter weight but still has a good detection rate?
Personally, I don't recommend using anti-virus software on Linux mail servers as any viruses you get through email will not affect the server itself and it causes high CPU and ram usage. Instead I recommend all Windows users of my mail servers to use client side scanning.
Instead I recommend all Windows users of my mail servers to use client side scanning.
And when $IDIOT_LUSER disables his antivirus because it popped up and annoyed him, and gets a virus from a mail that you could have caught on your server.. then what?
Just saying that if you have any responsibility at all to the users of your mail server, you can prevent a lot of headaches by scanning for viruses before $GRANDMA or $TEEN_WHO_LIKES_PORN can get them.
Typically I haven't seen ClamAV pick up any viruses on my server's incoming/outgoing mail. Ironically, it's done just the opposite. Some viruses have slipped through it (SH scripts) so I disabled clam-smtp since it wasn't doing much of what it was supposed to.
I have had just the opposite experience. Clamav is a most excellent scanning tool. On a machine that has seen 4.8 million messages come to it in 24 months, clamav has stopped 51,000 for viral content. The amount of viral messages is much lower than it was 5 years ago, but they certainly still do exist. If your clamav wasn't detecting them, you must have had something mis-configured.
Well, clamav has only been installed for a few days and has caught a couple of viruses. I believe the number of viruses is low because I greylist mail servers that are on DHCP (S25R).
However on both servers it's using 95MB of ram now. I'm going to have to remove it from one of the servers, since it only has 512MB total. I'll have to experiment with other antiviruses.
I just installed Bitdefender for Unices (free for personal use). Bitdefender also makes a linux scanner that is designed for mail servers, but it is not free. However, they do offer some instructions on how to use the free version on a mail server.
I did a quick scan of /var/spool/mail with both clamav and bitdefender using the latest virus definitions.
Clamav (clamscan --log=clamscan.log -ir /var/spool/mail)
Viruses caught: 2
Time to scan: 9 minutes
Bitdefender (bdscan --log=bdscan.log --no-list /var/spool/mail/)
Viruses caught: 225
Time to scan: 32 minutes
I'm not sure yet. I was scanning very large files, so it's not a good comparison. The free version of Bitdefender has no daemon like clamd, so it's not something that will run all the time. Instead a new instance will be spawned for every email. This isn't really ideal for a mail server, but I'm going to experiment with it anyways.
I also downloaded f-prot, which comes with a daemon. However it detected ZERO viruses in the above test. I'm hoping that it just had a hard time parsing the unix-style mailboxes, and that it will do better scanning one email at a time.
Edit: Actually, the new version of f-prot (6.x) does not come with the daemon. Only the old one does (4.x). I may try the old one anyways.
Last edited by JustinHoMi; 10-26-2007 at 01:15 PM.