From: Len Conrad
Date: Sun, 23 Feb 2003 06:45:09 -0600
To: freebsd-isp@freebsd.org
Subject: Re: Antivirus for Sendmail

> I've been using kavdaemon to scan 300,000 e-mails per day using Exiscan
> as the connection to the MTA. It is very stable.

confirmed here. One site I installed 2 years ago for an ISP in NJ runs about 200K msgs/day. solid as rock. other smaller sites report the same. using avcheck as the wrapper.

> Letting kavdaemon scan the raw messages also allows it to
> detect common exploits, like the IFRAME exploit for IE. According to my
> stats, kavdaemon blocks more messages with an IFRAME exploit than anything
> else

I block nearly all of these in postfix body_checks.regexp, while Kaspersky in a dedicated box catches a tiny number. Actually, by blocking "dangerous" attachments in the MX, our setup denies the next-hop Kaspersky nearly all the infectious fun.

> I don't use the Kaspersky sendmail integration software, I found it too
> expensive (per user licensing), while kavdaemon by itself just requires a
> server license.

exactly. most bang for the buck.

> And here is a big one: no false positives. Most people aren't aware
> that we are using kavdaemon.

same here, and esp since no self-congratulatory:

X-note: this message has been virus scanned by Kaspersky blah blah ...

... to bulk up the headers.

Len
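Added example, not part of the original message and not the poster's configuration: a small Python stand-in for line-by-line regexp checks at the MX, showing how pattern rules can reject IFRAME-style HTML and executable attachments before a message reaches the virus scanner. The rule syntax imitates a Postfix regexp table; the two patterns, the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Constructed rules in the style of a Postfix regexp table (/pattern/ ACTION text).
# The patterns are assumptions for illustration, not the poster's own rules.
RULES_TEXT = r"""
# HTML part that auto-loads an embedded MIME part through an iframe
/<iframe\b[^>]*\bsrc\s*=(3D)?\s*["']?cid:/   REJECT iframe loading an embedded part
# attachment whose final extension is directly executable on Windows
/name\s*=\s*"?[^"]*\.(exe|pif|scr|bat|vbs)"?\s*(;|$)/   REJECT executable attachment
"""

def load_rules(text):
    """Parse '/regex/ ACTION text' lines; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.+)/\s+(\S+)\s*(.*)$", line)
        if not m:
            raise ValueError("bad rule: " + line)
        # Postfix regexp tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2), m.group(3)))
    return rules

def check_message(raw, rules):
    """Return (line_no, action, text) for the first matching line, else None."""
    for no, line in enumerate(raw.splitlines(), 1):
        for rx, action, text in rules:
            if rx.search(line):
                return (no, action, text)
    return None

# Constructed sample messages (fragments only, attachment data omitted).
SAMPLES = {
    "iframe": 'Content-Type: text/html\n\n<HTML><iframe src=3Dcid:part1 height=3D0 width=3D0></iframe>',
    "pif": 'Content-Type: application/octet-stream;\n name="photo.jpg.pif"\n\n(base64 data omitted)',
    "clean": 'Content-Disposition: attachment; filename="report.pdf"\n\nSee the attached report.',
}

if __name__ == "__main__":
    rules = load_rules(RULES_TEXT)
    for label, raw in SAMPLES.items():
        print(label, check_message(raw, rules))
```

The second rule only looks at the final extension, so a double extension such as `photo.jpg.pif` is rejected while `report.pdf` passes through to the scanner.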