LinuxQuestions.org
Old 10-20-2007, 05:55 PM   #1
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Rep: Reputation: 30
lightweight antivirus for mail server?


I'm currently using ClamAV along with postfix and clamsmtp, but it uses a lot of ram. Right now it's using 73MB rss, and my mail server barely has any traffic. Is there anything else out there that is lighter weight but still has a good detection rate?

Justin
 
Old 10-21-2007, 11:27 AM   #2
tkharris
LQ Newbie
 
Registered: Oct 2007
Location: The State Of Nuts and Fruits
Distribution: Debian
Posts: 5

Rep: Reputation: 0
Personally, I don't recommend using anti-virus software on Linux mail servers, as any viruses you get through email will not affect the server itself and it causes high CPU and ram usage. Instead I recommend all Windows users of my mail servers to use client side scanning.
 
Old 10-21-2007, 12:25 PM   #3
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,650

Rep: Reputation: 525
Quote:
Originally Posted by tkharris
Instead I recommend all Windows users of my mail servers to use client side scanning.
And when $IDIOT_LUSER disables his antivirus because it popped up and annoyed him, and gets a virus from a mail that you could have caught on your server.. then what?

Just saying that if you have any responsibility at all to the users of your mail server, you can prevent a lot of headaches by scanning for viruses before $GRANDMA or $TEEN_WHO_LIKES_PORN can get them.
 
Old 10-21-2007, 10:07 PM   #4
TheZodiac
LQ Newbie
 
Registered: Oct 2007
Posts: 13

Rep: Reputation: 0
Typically I haven't seen ClamAV pick up any viruses on my server's incoming/outgoing mail. Ironically, it's done just the opposite. Some viruses have slipped through it (SH scripts) so I disabled clam-smtp since it wasn't doing much of what it was supposed to.
 
Old 10-21-2007, 11:47 PM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
I have had just the opposite experience. Clamav is a most excellent scanning tool. On a machine that has seen 4.8 million messages come to it in 24 months, clamav has stopped 51,000 for viral content. The amount of viral messages is much lower than it was 5 years ago, but they certainly still do exist. If your clamav wasn't detecting them, you must have had something mis-configured.

Peace,
JimBass
 
Old 10-24-2007, 01:33 PM   #6
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
Well, clamav has only been installed for a few days and has caught a couple of viruses. I believe the number of viruses is low because I greylist mail servers that are on DHCP (S25R).

However on both servers it's using 95MB of ram now. I'm going to have to remove it from one of the servers, since it only has 512MB total. I'll have to experiment with other antiviruses.
 
Old 10-24-2007, 03:01 PM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
Please be sure to post your results.
 
Old 10-25-2007, 06:08 PM   #8
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
I just installed Bitdefender for Unices (free for personal use). Bitdefender also makes a linux scanner that is designed for mail servers, but it is not free. However, they do offer some instructions on how to use the free version on a mail server.

I did a quick scan of /var/spool/mail with both clamav and bitdefender using the latest virus definitions.

Clamav (clamscan --log=clamscan.log -ir /var/spool/mail)
Viruses caught: 2
Time to scan: 9 minutes

Bitdefender (bdscan --log=bdscan.log --no-list /var/spool/mail/)
Viruses caught: 225
Time to scan: 32 minutes
 
Old 10-26-2007, 10:00 AM   #9
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
Quote:
Originally Posted by JustinHoMi
Is there anything else out there that is lighter weight but still has a good detection rate?
Justin,
How was bitdefender on RAM use?

Also, (225/32) / (2/9) = 31.641 -- if you consider detections per minute, the extra time bitdefender took seems well worth it.
 
Old 10-26-2007, 01:45 PM   #10
JustinHoMi
Member
 
Registered: Apr 2001
Location: Raleigh, NC
Distribution: CentOS
Posts: 154

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by archtoad6
Justin,
How was bitdefender on RAM use?
I'm not sure yet. I was scanning very large files, so it's not a good comparison. The free version of Bitdefender has no daemon like clamd, so it's not something that will run all the time. Instead a new instance will be spawned for every email. This isn't really ideal for a mail server, but I'm going to experiment with it anyways.

I also downloaded f-prot, which comes with a daemon. However it detected ZERO viruses in the above test. I'm hoping that it just had a hard time parsing the unix-style mailboxes, and that it will do better scanning one email at a time.

Edit: Actually, the new version of f-prot (6.x) does not come with the daemon. Only the old one does (4.x). I may try the old one anyways.

Last edited by JustinHoMi; 10-26-2007 at 02:15 PM.
 
Old 10-26-2007, 02:45 PM   #11
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
Maybe you could write a wrapper script for f-prot (6.x) that could function as a daemon.
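
Posts #10 and #11 raise scanning one email at a time instead of whole unix-style mailboxes, and wrapping a scanner that has no daemon. The following is an added example, not code from any poster or vendor: it splits an mbox into single messages and runs a command-line scanner on each, so per-message detection counts can be compared. The stand-in scanner, marker string and sample mailbox are constructed; treating exit status 1 as a detection matches clamscan and is an assumption for any other scanner.

```python
import mailbox
import os
import subprocess
import sys
import tempfile

def scan_mbox_per_message(mbox_path, scanner_cmd, infected_codes=(1,)):
    """Scan each message of an mbox on its own; scanner_cmd is an argv list
    to which the message's temp-file path is appended. infected_codes are
    exit statuses meaning "detection" (1 for clamscan; check other scanners).
    Returns (message_count, [(index, subject), ...]) for flagged messages."""
    flagged, total = [], 0
    box = mailbox.mbox(mbox_path, create=False)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            for index, key in enumerate(box.keys()):
                total += 1
                path = os.path.join(tmp, f"msg-{index}.eml")
                with open(path, "wb") as fh:
                    fh.write(box.get_bytes(key))
                rc = subprocess.run(scanner_cmd + [path], stdout=subprocess.DEVNULL,
                                    stderr=subprocess.DEVNULL).returncode
                if rc in infected_codes:
                    flagged.append((index, box[key].get("Subject", "")))
                elif rc != 0:  # a scanner failure must not be counted as "clean"
                    raise RuntimeError(f"scanner exit {rc} on message {index}")
    finally:
        box.close()
    return total, flagged

# Constructed stand-in scanner (no AV engine needed): exits 1 on the marker.
STAND_IN = [sys.executable, "-c",
            "import sys; sys.exit(1 if b'CONSTRUCTED-TEST-MARKER' in "
            "open(sys.argv[1], 'rb').read() else 0)"]

# Constructed two-message mbox (not real mail).
SAMPLE_MBOX = (
    "From alice@example.org Sat Oct 20 17:55:00 2007\n"
    "Subject: clean\n\nhello\n\n"
    "From bob@example.org Sat Oct 20 17:56:00 2007\n"
    "Subject: flagged\n\nCONSTRUCTED-TEST-MARKER\n\n"
)

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.mbox")
        with open(path, "w") as fh:
            fh.write(SAMPLE_MBOX)
        return scan_mbox_per_message(path, STAND_IN)
```

For a real comparison, pass the scanner's own argv in place of `STAND_IN`, for example `["clamscan", "--no-summary"]`, and run it over a copy of the mailbox rather than the live spool.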
 
  


All times are GMT -5.
