Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I'm currently using ClamAV along with postfix and clamsmtp, but it uses a lot of ram. Right now it's using 73MB rss, and my mail server barely has any traffic. Is there anything else out there that is lighter weight but still has a good detection rate?
Personally, I don't recommend using anti-virus software on Linux mail servers as any viruses you get through email will not effect the server itself and it causes high CPU and ram usage. Instead I recommend all Windows user's of my mail servers to use client side scanning.
Instead I recommend all Windows user's of my mail servers to use client side scanning.
And when $IDIOT_LUSER disables his antivirus because it popped up and annoyed him, and gets a virus from a mail that you could have caught on your server.. then what?
Just saying that if you have any responsibility at all to the users of your mail server, you can prevent a lot of headaches by scanning for viruses before $GRANDMA or $TEEN_WHO_LIKES_PORN can get them.
Typically I haven't seen ClamAV pick up any viruses on my server's incoming/outgoing mail. Ironically, it's done just the opposite. Some viruses have slipped through it (SH scripts) so I disabled clam-smtp since it wasn't doing much of what it was supposed to.
I have had just the opposite experience. Clamav is a most excellent scanning tool. On a machine that has seen 4.8 million messages come to it in 24 months, clamav has stopped 51,000 for viral content. The amount of viral messages is much lower than it was 5 years ago, but they certainly still do exist. If your clamav wasn't detecting them, you must have had something mis-configured.
I just installed Bitdefender for Unices (free for personal use). Bitdefender also makes a linux scanner that is designed for mail servers, but it is not free. However, they do offer some instructions on how to use the free version on a mail server.
I did a quick scan of /var/spool/mail with both clamav and bitdefender using the latest virus definitions.
Clamav (clamscan --log=clamscan.log -ir /var/spool/mail)
Viruses caught: 2
Time to scan: 9 minutes
Bitdefender (bdscan --log=bdscan.log --no-list /var/spool/mail/)
Viruses caught: 225
Time to scan: 32 minutes
I'm not sure yet. I was scanning very large files, so it's not a good comparison. The free version of Bitdefender has no daemon like clamd, so it's not something that will run all the time. Instead a new instance will be spawned for every email. This isn't really ideal for a mail server, but I'm going to experiment with it anyways.
I also downloaded f-prot, which comes with a daemon. However it detected ZERO viruses in the above test. I'm hoping that it just had a hard time parsing the unix-style mailboxes, and that it will do better scanning one email at a time.
Edit: Actually, the new version of f-prot (6.x) does not come with the daemon. Only the old one does (4.x). I may try the old one anyways.
Last edited by JustinHoMi; 10-26-2007 at 01:15 PM.