J
JOSH
Can anyone recommend a good open source AV system for scanning
incoming mail on a unix/linux platform?
incoming mail on a unix/linux platform?
J
Jeffrey A. Setaro
No... There aren't any.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
C
Conor
THere's Clam Antivirus and Bitdefender do a free linux version.JOSH said:
F
Fidel
ClamAV is an excellent "free" open source AV system for unix/linux and will
even run on windows. http://www.clamav.net
even run on windows. http://www.clamav.net
F
Frederic Bonroy
Fidel said:
Could you please define "excellent"?
N
null
At which independent antivirus testing agencies has Clam been tested
and where are the results published?
Art
http://www.epix.net/~artnpeg
J
Jeffrey A. Setaro
ROFLMAO... This is without a doubt the funniest thing I read today...
You must have very different definition "excellent" than I do.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
J
Jeffrey A. Setaro
LOL... Art, I didn't realize you where a comedian. ;-)
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
S
Steven Stern
I'm using ClamAV. Let's see... low system impact, works and plays well with
sendmail (and other MTAs), frequent definition updates (often more than
once/day), open source, free, several people making easily installable
binaries, excellent support via mailing list.
Of course, excellence is in the eye of the beholder. What are you looking for
in a linux AV?
Steve Stern
Manager, WUGNET VirusCentral Forum
http://go.compuserve.com/viruscentral?access=public
J
Jeffrey A. Setaro
Hmm... How about reliable detection of viruses... ClamAV doesn't come
close to F-Prot, Kaspersky or Sophos in terms of detection.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34
S
Steven Stern
Generally, ClamAV doesn't detect lab-only viruses. As of this moment, it
detects about 23,000 malware signatures. Symantec claims about 67,000 malware
signatures. If you have a question about the detection of a real-world
sample, you can submit it to http://www.gietl.com/test-clamav/
It's identified mail worms before Symantec has. The question is why does one
use an AV on Linux. I use it to scan mail on the way in to my mail server and
to scan directories shared via samba to Windows users. It operates as a
second opinion for the AV software that's (one hopes) already on those
computers.
FWIW, both Sourceforge and CompuServe use ClamAV to scan email. See
http://clamav.net/whos.html#pagestart
Steve Stern
Manager, WUGNET VirusCentral Forum
http://go.compuserve.com/viruscentral
N
null
However, users are being infested with "lab-only" malicious code
every day
Art
http://www.epix.net/~artnpeg
S
Steven Stern
However, users are being infested with "lab-only" malicious code
every day
What's the name of one (of which you have direct and personal knowledge) that
is not detected by ClamAV?
By the way, looked at your web page. Cool car! If only you'd known, at 16,
to hang on to it. <smile>
Steve Stern
Manager, WUGNET VirusCentral Forum
http://go.compuserve.com/viruscentral
N
null
One? I had sent dozens of them to the developers. The answer I
received was "Don't yet have the basic capability". That was for
polymorphics and certain macro viruses, I believe.
Wasn't that long ago. About when Clam was at about the 21,000 sig
detection point. And all the malware I submitted are available on the
internet for download, so they're not just "in a lab".
The thing is, your original post is misleading ... referring to Clam
as "excellent" when it's not on a par with even the mediocre free
antivirus products in terms of detection capabilities.
True. But it barely made it to the junk yard at summer's end
Art
http://www.epix.net/~artnpeg
J
Jeffrey A. Setaro
LOL... So far the ClamAV crew has been lucky. Most of the recent
mass-mailing worms have been simple non-polymorphic, non-macro trash
that are easily detected... Making their rather simplistic product
look "excellent" when it is really a piece of junk.
That's not saying much... A lot of AV developers can make that claim.
The name of the game is Find The Virus... So far ClamAV has been
LUCKY, not good, lucky... The sad part of it is ClamAV's developers
know about it's short comings and thus far have show no interest in
(or ability to???) fix them.
Beyond that virus scanning and content filtering at the perimeter is
not a backup to the AV software deployed on the desktop... It's your
first line of defense these days. The more junk you can keep away from
your users desktop and/or inbox the fewer messes you have to clean up.
I've gone so far as to block access to web based mail services such as
Hotmail, and public instant messaging and chat services such as AIM &
ICQ.
Yawn... I know plenty of fortune 100 companies that using McAfee
and/or Symantec products. That doesn't mean there the best or that
even find a home on my network.
Cheers-
Jeff Setaro
jasetaro@SPAM_ME_NOT_mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34