To increase the chances of catching all of the viruses my boss would like to couple a commercial AV software.

I inherited this system and have no idea where to start looking. We are running Postfix on one machine and it sends mail to Amavis on another machines running Spamassassin and ClamAV. After processing the mail is sent back to the first server.

Is it even possible to connect multiple AV products? If so, where exactly do I need to look for the right place to add the second AV scanner?

Just schedule the scans or write a daemon for additional scans.

from my personal experience ClamAV is better at finding NEW threats than Norton or McAfee
the clam database is normally 8 to 12 hours faster than the big company's
and finds things that people PAY Norton NOT to find like there thinly disguised " child safety trackers"

but if you MUST spend cash for something you do not need .....
contact Norton or McAfee about running there Microsoft windows virus scanners on whatever linux install this is

but you ARE better off spending the cash inhouse

install and run SQUID for intrusion detection

ClamAV on the mail servers on a cron job
( or BETTER as a daemon)

KEEP the servers UP TO DATE

ClamAV is already running as a daemon on our Spam-Virus server. We have a cronjob that runs every six hours to update the signatures. Perhaps overkill, but that's what the boss wants.

The problem is that in this particular instance it took two days for ClamAV to update their signature files after I submitted an example, although TrendMicro (used by one of our customers) could already identify it. McAfee which our internal IT has on our MS-Exchange server was also identifying it before ClamAV. My boss does not want that to happen again. So, we either use ClamAV *plus* a commercial product or we use *only* the commercial product.

As I said in the original post "I inherited this system and have no idea where to start looking." So I either figure out how to *add* a commercial product to the existing system or figure out how to integrate the commercial product without ClamAV. A third alternative, which my boss mention some time ago, is to replace the entire construct (from postfix to spamassassin to ClamAV) with MS-Exchange and a commercial virus/spam scanner. Those are my choices.

the very first thing i would do is make 100% sure that the operating system that is running the mail server and the rest is UP TO DATE and a current version of the OS

it would do no good if it were say.... RHEL4.9
or a not licensed version of RHEL 5 or 6
or what ever os that this is

once up to date
then contact a for pay like Norton or trend or whom ever about running their product on your server
most have a linux version that will run on linux to LOOK for Microsoft viruses IN THE MAIL
but MS viruses do not run on a linux OS -- they can not .


however

ClamAV
rkhumter
chrootkit
and a running squid ISD on a up to date OS is VERY safe
if RHEL 5 or 6 have SE enabled and set to ENFORCING

but if your boss WANTS to through cash in the trash can ...........


you DO know that NO and i do mean NO av software will detect better than about 25 % on a unknown virus


very odd ?
Normally they are FASTER at getting out a NEW sig for a NEW virus

you say that freshclam runs in a cron job every 30 min. ( over kill )
daily or twice daily would do

and you DO have the clam daemon service RESTARTING after EVERY update

so for every 30 min
freshclam is ran
then the daemon is ALSO restarting

1 members found this post helpful.

I wonder how that would help the OP if he explicitly mentions running a MTA?..


Do you even know or read about what Amavis does? And if you don't, then what would be the value of such "advice"?


Could I ask you to back that up with objective references?


Same here but with emphasis on the people paying part? TIA.


http://www.amavis.org/#features-virus explicitly says "includes support for approx. 40 AV scanners off-the shelf (see file amavisd.conf, variable @av_scanners, for the list);".

1 members found this post helpful.

Arrgh! I was looking for amavis.conf!

Thanks!

I assumed that OP had done everything possible with the tools mentioned and I do not know of a better one.