[plug] BugBear Virus
Grahame Bowland
grahame at azale.net
Sat Oct 5 19:09:45 WST 2002
On Thursday 03 October 2002 21:29, Denis Brown wrote:
> Uni of WA uses something called RAV antivirus and it has performed well,
> at least from a users' perspective. While not open source, the licence
> cost for Linux, at US$29 is a lot less than the kilodollar range
>
> :-) (Other products, mainly CA's InoculateIT, is use on the desktops to
>
> guard against the floppy-borne and other virus attacks.)
>
> Frisk's F-PROT (http://www.f-prot.com/products/fplin.html) has a Linux
> version that is free to personal users. Again not open source.
Sophos (in our experience at UWA) suffered badly from performance problems. It
tended to be starting processes to scan each email. This was generally bad
for overhead.
Someone wrote a wrapper for sophos that kept the shared library in memory and
reimplemented the front end as a daemon. This did perform acceptably, however
it shouldn't be necessary.
RAV+Postfix is very elegant, it basically runs another instance of postfix on
the loopback address at a different port. As a result queueing, etc is
handled very nicely (/etc/postfix/master.cf is your friend). The box handles
a lot of email at about 10% CPU.
We catch roughly 2000 virii on it every day. And it was cheap, very cheap :-)
-grahame
More information about the plug
mailing list