
List:       inet-access
Subject:    Re: Automated Virus Scanning
From:       Paul Chvostek <paul () it ! ca>
Date:       2001-09-29 8:17:30


I recently posted http://pldaniels.com/inflex/ to the list, which is
free.  Another (commercial) tool is http://xamime.com/, which is sold on
a per-server basis regardless of the number of users.  I don't know
Xamime's capabilities, but I'm sure you could re-write inflex to forward
on email without the portion that was infected; however, we've found its
default behaviour to be quite acceptable.

If you're scanning upwards of 300 thousand messages a day, I'm not
sure what your load will be like if each and every message has to
get parsed twice by your mailer and possibly run through vscan et al.
We've been running inflex on a FreeBSD box that handles 20 thousand
messages a day with sendmail, and it tends to fall behind when some
of the larger mailing lists get sent out with their MIME-attached
HTML content (which must still be extracted to determine its type,
even if it isn't scanned).

You'd probably have better luck with Xamime; it's apparently *much*
faster at everything it does.  You'll still probably want to set up a
small cluster of SMTP relay hosts to balance your inbound and outbound
loads on machines that don't talk directly to your mail spool.

And you'll need to buy a license to something like McAfee's NetShield.

p


On Fri, Sep 28, 2001 at 11:33:47AM +0200, Andrew Alston wrote:
> From: Andrew Alston <andrew@security.za.net>
> To: list@inet-access.net
> Subject: Automated Virus Scanning
> 
> Hi Guys, 
> 
> Hoping someone can help me out here
> 
> I need a way to scan and clean email on the fly with as little human
> intervention as possible, under a FreeBSD/Linux system.  (Solaris is also
> an option).  If possible I need to avoid products that are on a per user
> license, due to the fact that the number of users is astronomical on this
> system.
> 
> Basically, in an ISP type environment, currently pushing 200 thousand
> emails a day on average incoming, and about 70 thousand emails a day
> outgoing, all of which need to be scanned.  I need the scanner to also do
> content scanning, i.e. checking of attachments, so should it find an
> infected attachment it needs to clean it, repackage the email and send it
> on, instead of quarantining it, due to the number of support calls
> quarantined emails will cause.
> 
> Any suggestions would be MUCH appreciated
> 
> Thanks
> 
> Andrew Alston
> 
> -
> Recent archives of the list can be found at:
> http://mix.twistedpair.ca/pipermail/inet-access/
> Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
> Eat sushi frequently.   inet@inet-access.net is the human contact address.

-- 
  Paul Chvostek                                             <paul@it.ca>
  Operations / Development / Abuse / Whatever       vox: +1 416 598-0000
  IT Canada                                            http://www.it.ca/
