Date: Sun, 23 Feb 2003 06:45:09 -0600 From: Len Conrad <LConrad@Go2France.com> To: freebsd-isp@freebsd.org Subject: Re: Antivirus for Sendmail Message-ID: <5.2.0.9.0.20030223061933.03897138@mail.go2france.com> In-Reply-To: <Pine.BSF.4.05.10302221042500.24757-100000@misery.sdf.com> References: <Pine.BSF.4.21.0302211121280.77216-100000@wow.atlasta.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've been using kavdaemon to scan 300,000 e-mails per day using Exiscan >as the connection to the MTA. It is very stable. confirmed here. One site I installed 2 years for an ISP in NJ runs about 200K msgs/day. solid as rock. other smaller sites report the same. using avcheck as the wrapper. >Letting kavdaemon scan the raw messages also allows it >detect common exploits, like the IFRAME exploit for IE. According to my >stats, kavdaemon blocks more messages with an IFRAME exploit than anything >else I block nearly all of these in postfix body_checks.regexp. while Kaspersky in a dedicated box catches a tiny number. Actually, by blocking "dangerous" attachments in the MX, our setup denies the next-hop Kaspersky nearly all the infectious fun. >I don't use the Kaspersky sendmail integration software, I found it too >expensive (per user licensing), while kavdeamon by itself just requires a >server license. exactly. most bang for the buck. > And here is a big one: no false positives. Most people aren't aware >that we are using kavdaemon. same here, and esp since no self-congratulatory : X-note: this message has been virus scanned by Kaspersky blah blah ... ... to bulk up the headers. Len To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.0.20030223061933.03897138>