From owner-freebsd-isp Sat Feb 22 12: 1: 6 2003
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1C56437B401
	for ; Sat, 22 Feb 2003 12:01:05 -0800 (PST)
Received: from misery.sdf.com (misery.sdf.com [207.200.153.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9569543FD7
	for ; Sat, 22 Feb 2003 12:01:03 -0800 (PST)
	(envelope-from tom@sdf.com)
Received: from tom (helo=localhost)
	by misery.sdf.com with local-esmtp (Exim 2.12 #1)
	id 18mei3-0003G5-00; Sat, 22 Feb 2003 10:49:15 -0800
Date: Sat, 22 Feb 2003 10:49:10 -0800 (PST)
From: Tom Samplonius
To: David Raistrick
Cc: Paul Khavkine , freebsd-isp@FreeBSD.ORG
Subject: Re: Antivirus for Sendmail
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Fri, 21 Feb 2003, David Raistrick wrote:

> > AVP
>
> I tried both freebsd and linux versions of AVP's scanners as of late 2001
> early 2002. I worked with their sendmail versions as well as their
> qmail-queue replacement. I also used their kavscanner and attempted to
> use kavdaemon. My overall impression was "very unstable" though at this
> late date I don't have further specifics. It's very possible that they've
> fixed some of the problems I encountered at the time.

...

I've been using kavdaemon to scan 300,000 e-mails per day using Exiscan as the connection to the MTA. It is very stable.

kavdaemon can scan into archives, and can scan MIME attachments without conversion, making it quite quick. Letting kavdaemon scan the raw messages also allows it to detect common exploits, like the IFRAME exploit for IE.
According to my stats, kavdaemon blocks more messages with an IFRAME exploit than anything else (I think spammers are using the IFRAME exploit to launch browsers to their web site).

I don't use the Kaspersky sendmail integration software; I found it too expensive (per user licensing), while kavdaemon by itself just requires a server license.

And here is a big one: no false positives. Most people aren't aware that we are using kavdaemon.

Tom
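
Editor's added example, not part of the original message and not kavdaemon's or Exiscan's code: a raw-message scan of the kind described above, written in Python. The heuristic is an assumption (an HTML part whose IFRAME references an attached part by Content-ID, where that part carries an executable file name under a non-application content type), as are the extension list and the constructed sample message.

```python
import email
import re
from email import policy

# Constructed sample message (not real traffic, placeholder payload).
SAMPLE = b"""\
From: sender@example.com
To: user@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

<html><body><iframe src=3Dcid:part1 height=3D0></iframe></body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-ID: <part1>
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# IFRAME whose src points at another MIME part of the same message.
IFRAME_CID = re.compile(rb'<iframe[^>]*\bsrc\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed list

def scan_raw_message(raw):
    """Return one finding per IFRAME-referenced part with a mismatched type."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = list(msg.walk())
    cids = set()
    for part in parts:
        if part.get_content_type() == "text/html":
            # decode=True undoes quoted-printable/base64 before matching
            body = part.get_payload(decode=True) or b""
            cids.update(m.decode("ascii", "replace") for m in IFRAME_CID.findall(body))
    findings = []
    for part in parts:
        cid = (part.get("Content-ID") or "").strip("<> ")
        name = (part.get_filename() or "").lower()
        mismatch = name.endswith(EXEC_EXT) and part.get_content_maintype() != "application"
        if cid in cids and mismatch:
            findings.append(f"iframe cid:{cid} -> {name} declared as {part.get_content_type()}")
    return findings
```

Working on the undecoded message, as the post describes, is what makes the cross-check possible: the IFRAME reference and the attachment's declared type live in different MIME parts.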