[plug] Antivirus

Craig Ringer craig at postnewspapers.com.au
Mon Oct 18 04:57:47 WST 2004


On Sun, 2004-10-17 at 23:12, Margo wrote:

> I have tried setting up clamav but haven't had much joy so far. I managed to
> setup a cron job to update the av database

freshclam, the definitions update program, has a mode where it can run
as a daemon and periodically check for definitions. It will inform the
scanner server when it's updated the definitions too. A cron job is not
required.

> but have not managed to get the
> daemon running or really understand the instructions.

The clamd?

Here's how I start the ClamAV stuff (note: I actually wrap this in the
usual SysV init stuff, I'm just including the actual commands for your
use):

/usr/local/clamav/bin/freshclam -d --user=clamav --checks=6 \
    --datadir=/var/clamav --daemon-notify

/usr/local/clamav/sbin/clamd && sleep 2 \

I use clamd with clamav-milter and sendmail. Chances are you will want
to call clamdscan from a mail filter script run by your MTA instead,
something like amavis or mailscanner.

> So, What av programs do you use/recommend (if any) and how easy are they to
> setup?

I have been very happy with ClamAV. Of course, incoming mail goes
through two other tests (a rather strict Postfix with some body and
header check regexps, then attachment stripping with MimeDefang) before
hitting ClamAV. Consequently, ClamAV catches very little - especially
now that I quarantine zip file attachments.

That said, I wasn't filtering this strictly before, and found ClamAV to
do a good job - including catching those encrypted zip file viruses.
Virus definitions came out fairly promptly, and it performed better than
the POST's original virus scanner (MailScanner for MDaemon).

--
Craig Ringer
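
Added example (not part of the original message, and not ClamAV's own code): a sketch of the kind of mail filter script mentioned above that calls clamdscan. It maps clamdscan's exit status (0 clean, 1 virus found, 2 error) to a disposition and fails closed when the scanner cannot give an answer. The names CLAMDSCAN, scan_message and signature_of are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. CLAMDSCAN, scan_message and
# signature_of are hypothetical names chosen for this sketch.
CLAMDSCAN="${CLAMDSCAN:-clamdscan}"

# Pull the signature name out of a "path: Name FOUND" report line.
signature_of() {
    printf '%s\n' "$1" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1
}

# scan_message FILE
# Prints one disposition word (plus the signature on a hit):
#   accept             exit 0, no virus found
#   quarantine <sig>   exit 1, virus found
#   tempfail           exit 2 or anything else: scanner error, clamd down,
#                      unreadable file. Never treat this as "clean".
scan_message() {
    msg="$1"
    if [ ! -r "$msg" ]; then
        echo "tempfail"
        return 0
    fi
    # clamdscan hands the path to clamd, so the clamd user (clamav in the
    # post above) must be able to read the file.
    report=$("$CLAMDSCAN" --no-summary "$msg" 2>&1) && status=0 || status=$?
    case "$status" in
        0) echo "accept" ;;
        1) echo "quarantine $(signature_of "$report")" ;;
        *) echo "tempfail" ;;
    esac
}

# Run as a script: scan each file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(scan_message "$f")"
done
```

The tempfail branch is the one that matters operationally: if clamd is not running, the message is deferred for retry instead of being delivered unscanned.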



