I'm currently looking for a Cheap / Free VirusScan solution for my Linux Mail Server.
We currently have all mail coming in through a Central Server that is scanning with Mcafee VirusScan but I would like to setup a 2nd line of defense with virus scan on my mail server at this location also. I'm not objected to purchasing a retail copy if that is the best route but since it is the 2nd VirusScan I would be fine with a opensource free version.

I'm also running SpamAssassin so I would like that to work with it also.
Any suggestions on a good reliable version with frequent DAT updates?

Thanks for your help!
Vince

P.S. it would be great if the VirusScan software could replace a offending attachment type such as *.EXE or *.BAT etc with AttachmentReplaced.txt at the same time. Maybe this could be done with SpamAssassin? I've got the ProcMail attachment part working but i have it moving it to a folder that I have to manually track etc and I would like the mail to still be sent but replace the attachment that is not allowed.

http://clamav.sourceforge.net

next question...

I currently use amavisd-new with 2 antivirus checkers..
The list of acceptable A/V checkers is quite long..

Both checkers I use will work just as demo versions as they don't need to clean, just detect, but they run a whole lot faster as licensed versions..

Here's the next question... {smile}

I feel i'm so close to getting all this to work but I just can't get the last piece of the puzzle.
My Sendmail is working good, SpamAssassin looks good, and ClamAV is Scanning / Updating etc and can be ran manually fine.
But (Always a but hey) when I restart Sendmail I get the following in my /var/log/mail

Aug 17 20:07:34 emurray mimedefang[5926]: Multiplexor alive - entering main loop
Aug 17 20:07:34 emurray sendmail[5930]: starting daemon (8.12.10): SMTP+queueing@00:30:00
Aug 17 20:07:34 emurray sendmail-client[5934]: starting daemon (8.12.10): persistent-queueing@00:30:00
Aug 17 20:07:34 emurray mimedefang[5926]: MIMEDefang-2.44: st_optionneg[1079536560]: 0x1f does not fulfill action requirements 0x3f
Aug 17 20:07:34 emurray sendmail[5936]: i7I27YaC005936: milter_read(mimedefang): cmd read returned 0, expecting 5
Aug 17 20:07:34 emurray sendmail[5936]: i7I27YaC005936: Milter (mimedefang): to error state
Aug 17 20:07:34 emurray sendmail[5936]: i7I27YaC005936: Milter (mimedefang): init failed to open
Aug 17 20:07:34 emurray sendmail[5936]: i7I27YaC005936: Milter (mimedefang): to error state
Aug 17 20:07:34 emurray sendmail[5936]: i7I27YaC005936: Milter: initialization failed, temp failing commands
Aug 17 20:07:34 emurray sendmail-client[5935]: i7HNapkh008022: to=myemail@sasktel.net, ctladdr=root (0/0), delay=02:30:43, xdelay=00:00:00, mailer=relay, pri=1290275, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.7.1 Please try again later
Aug 17 20:07:37 emurray mimedefang-multiplexor[5914]: Starting slave 1 (pid 5938) (2 running): Bringing slaves up to minSlaves (2)
Aug 17 20:07:38 emurray mimedefang[5771]: MIMEDefang-2.44: mi_stop=1

- Now I believe everything is looking good (I hope) my sendmail restarts and it creates the /var/spool/mimedefang.sock correctly but I wonder about the permissions on it... I've added the group and user defang as it suggested and tried permissions of 700 and 755 but still the same results. The directory has rights for defang:defang and currently set with 755 but the files are created as defang:users on boot.

- If I remove the call to the MIMEDefang filter from my sendmail.mc file all mail send's fine so it's balling up with that.

*************************************************************
Here is one other senario I have... If I change my sendmail.mc filter line from this :
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m'

To This :
MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:15m;S:4m;R:4m;E:10m')dnl define(`confINPUT_MAIL_FILTERS', `mimedefang')dnl

I can create a new sendmail.cf from the m4 command and restart sendmail etc (Reboot the computer because I still have the Windows Concept but still doesn't work) and It appears as if MIMEDefang is loaded etc but It doesn't scan anything. Maybe the 2nd command is better and I fubared it somewhere else?

Here is my log with the new command in my sendmail.mc :
(All Mail "DOES" send though, no reference to scanning, Blocking, or Spam Filtering though.)

Aug 18 08:59:15 emurray mimedefang-multiplexor[4048]: Received SIGTERM: Killing slaves and terminating
Aug 18 08:59:15 emurray mimedefang-multiplexor[4048]: Reap: Killed slave 0 (pid 4049) exited due to SIGTERM/SIGKILL as expected.
Aug 18 08:59:15 emurray mimedefang-multiplexor[4048]: Slave 0 resource usage: req=0, scans=0, user=0.901, sys=0.069, nswap=0, majflt=0, minflt=6763, maxrss=0, bi=0, bo=0
Aug 18 08:59:15 emurray mimedefang-multiplexor[4048]: Reap: Killed slave 1 (pid 4156) exited due to SIGTERM/SIGKILL as expected.
Aug 18 08:59:15 emurray mimedefang-multiplexor[4048]: Slave 1 resource usage: req=0, scans=0, user=0.899, sys=0.062, nswap=0, majflt=0, minflt=6763, maxrss=0, bi=0, bo=0
Aug 18 08:59:15 emurray mimedefang-multiplexor[4971]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10
Aug 18 08:59:15 emurray mimedefang-multiplexor[4971]: Starting slave 0 (pid 4972) (1 running): Bringing slaves up to minSlaves (2)
Aug 18 08:59:15 emurray mimedefang[4983]: Multiplexor alive - entering main loop
Aug 18 08:59:15 emurray sendmail[4987]: starting daemon (8.12.10): SMTP+queueing@00:30:00
Aug 18 08:59:15 emurray sendmail-client[4991]: starting daemon (8.12.10): persistent-queueing@00:30:00
Aug 18 08:59:18 emurray mimedefang[4067]: MIMEDefang-2.44: mi_stop=1
Aug 18 08:59:18 emurray mimedefang-multiplexor[4971]: Starting slave 1 (pid 5005) (2 running): B
ringing slaves up to minSlaves (2)

Lastly, is there supposed to be a MIMEDefang-2.44:mi_stop=1 at the end when I do a rcsendmail restart?

Information :
SuSE 9.1
sendmail-8.12.10-158
spamassassin-2.63-32
MIMEDefang-2.44
ClamAV-0.75.1

Hope all that makes sense to get me in the right direction.
Thanks,
Eric