[plug] BugBear Virus

[Grahame Bowland]

On Thursday 03 October 2002 21:29, Denis Brown wrote:
> Uni of WA uses something called RAV antivirus and it has performed well,
> at least from a users' perspective.   While not open source, the licence
> cost for Linux, at US$29 is a lot less than the kilodollar range
>
> :-)   (Other products, mainly CA's InoculateIT, is use on the desktops to
>
> guard against the floppy-borne and other virus attacks.)
>
> Frisk's F-PROT (http://www.f-prot.com/products/fplin.html) has a Linux
> version that is free to personal users.  Again not open source.

Sophos (in our experience at UWA) suffered badly from performance problems. It 
tended to be starting processes to scan each email. This was generally bad 
for overhead.

Someone wrote a wrapper for sophos that kept the shared library in memory and 
reimplemented the front end as a daemon. This did perform acceptably, however 
it shouldn't be necessary.

RAV+Postfix is very elegant, it basically runs another instance of postfix on 
the loopback address at a different port. As a result queueing, etc is 
handled very nicely (/etc/postfix/master.cf is your friend). The box handles 
a lot of email at about 10% CPU.

We catch roughly 2000 virii on it every day. And it was cheap, very cheap :-)

-grahame