I'm currently using ClamAV along with postfix and clamsmtp, but it uses a lot of ram. Right now it's using 73MB rss, and my mail server barely has any traffic. Is there anything else out there that is lighter weight but still has a good detection rate?

Justin

Personally, I don't recommend using anti-virus software on Linux mail servers as any viruses you get through email will not effect the server itself and it causes high CPU and ram usage. Instead I recommend all Windows user's of my mail servers to use client side scanning.

And when $IDIOT_LUSER disables his antivirus because it popped up and annoyed him, and gets a virus from a mail that you could have caught on your server.. then what?

Just saying that if you have any responsibility at all to the users of your mail server, you can prevent a lot of headaches by scanning for viruses before $GRANDMA or $TEEN_WHO_LIKES_PORN can get them.

Typically I haven't seen ClamAV pick up any viruses on my server's incoming/outgoing mail. Ironically, it's done just the opposite. Some viruses have slipped through it (SH scripts) so I disabled clam-smtp since it wasn't doing much of what it was supposed to.

I have had just the opposite experience. Clamav is a most excellent scanning tool. On a machine that has seen 4.8 million messages come to it in 24 months, clamav has stopped 51,000 for viral content. The amount of viral messages is much lower than it was 5 years ago, but they certainly still do exist. If your clamav wasn't detecting them, you must have had something mis-configured.

Peace,
JimBass

Well, clamav has only been installed for a few days and has caught a couple of viruses. I believe the number of viruses is low because I greylist mail servers that are on DHCP (S25R).

However on both servers it's using 95MB of ram now. I'm going to have to remove it from one of the servers, since it only has 512MB total. I'll have to experiment with other antiviruses.

Please be sure to post your results.

I just installed Bitdefender for Unices (free for personal use). Bitdefender also makes a linux scanner that is designed for mail servers, but it is not free. However, they do offer some instructions on how to use the free version on a mail server.

I did a quick scan of /var/spool/mail with both clamav and bitdefender using the latest virus definitions.

Clamav (clamscan --log=clamscan.log -ir /var/spool/mail)
Viruses caught: 2
Time to scan: 9 minutes

Bitdefender (bdscan --log=bdscan.log --no-list /var/spool/mail/)
Viruses caught: 225
Time to scan: 32 minutes

Justin,
How was bitdefender on RAM use?

Also, (225/32) / (2/9) = 31.641 -- if you consider detections per minute, the extra time bitdefender took seems well worth it.

I'm not sure yet. I was scanning very large files, so it's not a good comparison. The free version of Bitdefender has no daemon like clamd, so it's not something that will run all the time. Instead a new instance will be spawned for every email. This isn't really ideal for a mail server, but I'm going to experiment with it anyways.

I also downloaded f-prot, which comes with a daemon. However it detected ZERO viruses in the above test. I'm hoping that it just had a hard time parsing the unix-style mailboxes, and that it will do better scanning one email at a time.

Edit: Actually, the new version of f-prot (6.x) does not come with the daemon. Only the old one does (4.x). I may try the old one anyways.

Maybe you could write a wrapper script for f-prot (6.x) that could function as a daemon.