Contributed by jose on from the keeping-the-enterprise-secure dept.
I used to install electronic mail firewalls, and I typically started with the Procmail sanitizing ruleset with some additional modifications for the site. While not perfect, it caught most email viruses of both known and suspicious signatures.
Another project worth looking at is OpenAntivirus, which is an open source toolkit that works with commercial antivirus components. This allows for any UN*X system, like OpenBSD, to serve a Windows network. It may be worth seeing if it can be made to work on OpenBSD.
By Anonymous Coward () on
By ArSa () on http://www.aptem.com
http://www.kaspersky.com/buyonline.html?chapter=748435
Comments
By Anonymous Coward () on
By Noryungi () n o r y u n g i @ y a h o o . c o m on mailto:n o r y u n g i @ y a h o o . c o m
OpenAntivirus requires Java. Is there a Java machine on OpenBSD?
I believe Sophos released their antivirus for Linux machines. Is it possible to make it work under OpenBSD with Linux emulation?
Comments
By Anonymous Coward () on
Comments
By jose () on http://www.monkey.org/~jose/
Comments
By Anonymous Coward () on
Someone gave you wrong information; they still support FreeBSD. In fact, here are some test results in which their unix software achieved 100% detection. This quote is from the Sophos website so beware of bias (but check the results anyway, they were conducted by a third party):
"Furthermore, Sophos Anti-Virus was the only product to detect every single in-the-wild virus in the on-demand detection tests conducted on the FreeBSD platform."
By John R Shannon () john@johnrshannon.com on mailto:john@johnrshannon.com
http://www.ravantivirus.com/
Comments
By Rémi Guyomarch () rguyomarch@ifn.fr on mailto:rguyomarch@ifn.fr
The virus database is updated very often and seems to catch everything thrown at it, at least for us. So far we're very happy with it.
Comments
By brad () brad@bsdatwork.com on http://www.bsdatwork.com
By Brent Hoerle () on
After the trial period, I didn't have any trouble convincing the company to pay for it. I prefer open source but...
By B Palmer () on
By Anonymous Coward () on
According to its website, ClamAV uses the OpenAntiVirus database but is written in C (instead of Java), and it also lists OpenBSD as a working platform. So has anyone tried this software at all? How does it compare to other free virus scanners, and does it/the OpenAntiVirus project come anywhere close to commercial scanners?
Comments
By Simon () simon@sunsite.dk on mailto:simon@sunsite.dk
Okay, I don't run it on OpenBSD (Sorry).
Yes, qmail-scanner and ClamAV work great together. Really, it's just a matter of installing ClamAV first and then qmail-scanner should find ClamAV.
The only thing is that ClamAV doesn't have as many virus definitions as commercial virus scanners. However, it has definitions for all the current email viruses, so you should be okay.
By Anonymous Coward () on
http://batemail.sourceforge.net/
Comments
By Bruce () on
I don't know about batemail, but we use the exact same strategy. We pulled a list of executable extensions off of Google somewhere for our list, and there were almost 40 of them, not including .doc, .xls and a few other office types which could contain macros but which we let through because we need to.
Since filtering this way almost 2 years ago we have had a few hundred viruses punted, a handful of false positives (self-extracting archives; plain ZIPs, please) and one virus that got through because the content-name was messed up. Didn't work anyway, like that.
If only spam was that easy to handle.
We still run Norton Corporate AV on our desktops, but it doesn't have much to do. Nobody seems to make non-Outlook viruses anymore. I even had to download an EICAR test virus recently to convince myself Norton was still working.
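An added example, not part of the comment above and not the poster's actual filter: a sketch of extension-based attachment blocking that also covers the case the comment mentions, where the part's name is messed up. The blocklist is a constructed, partial one, and the function names (`candidate_names`, `extension`, `verdict`, `build_sample`) are hypothetical.

```python
import email
import os
from email.utils import collapse_rfc2231_value

# Constructed, partial blocklist; the list of almost 40 extensions is not on the page.
BLOCKED = {".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs", ".lnk"}

def candidate_names(part):
    """Collect every name a client might save this part under, from both headers."""
    names = []
    for header, param in (("Content-Type", "name"), ("Content-Disposition", "filename")):
        value = part.get_param(param, header=header)
        name = collapse_rfc2231_value(value).strip() if value else ""
        if name:
            names.append(name)
    return names

def extension(name):
    """Final extension after dropping the trailing dots and spaces Windows ignores."""
    return os.path.splitext(name.rstrip(". ").lower())[1]

def verdict(raw_message):
    """Return (action, detail) for a raw message; unnamed attachments fail closed."""
    for part in email.message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        names = candidate_names(part)
        looks_attached = (part.get_content_disposition() == "attachment"
                          or part.get_content_maintype() == "application")
        if not names and looks_attached:
            return ("quarantine", "unnamed attachment")
        for name in names:
            if extension(name) in BLOCKED:
                return ("reject", name)
    return ("deliver", "")

def build_sample(ctype, disposition=None):
    """Constructed sample: one text body plus one attachment part."""
    lines = ["From: a@example.org", "To: b@example.org", "MIME-Version: 1.0",
             'Content-Type: multipart/mixed; boundary="BOUND"', "",
             "--BOUND", "Content-Type: text/plain", "", "hello",
             "--BOUND", "Content-Type: " + ctype]
    if disposition:
        lines.append("Content-Disposition: " + disposition)
    return "\n".join(lines + ["Content-Transfer-Encoding: base64", "", "QUJD", "--BOUND--", ""])

if __name__ == "__main__":
    print(verdict(build_sample('application/octet-stream; name="notes.txt"',
                               'attachment; filename="notes.txt.PIF"')))
```

Checking both the `name` and `filename` parameters matters because a filter that reads only one of them can pass a part whose other header carries the executable name.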
By number6 () number6@freesurf.fr on mailto:number6@freesurf.fr
Some K-lez and BugBear variants use this scheme to bypass attachment filtering/removing tools.
Comments
By Anonymous Coward () on
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
It works extremely well on OpenBSD with the FreeBSD emulation, and a trivial shell script is enough to automatically update the signature database.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Comments
By Number6 () number6@freesurf.fr on mailto:number6@freesurf.fr
http://www.ijs.si/software/sophos-ide-update/
and also in the MailScanner tarball
(http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml)
--
No6
By Petr Ruzicka () pruzicka@openbsd.cz on mailto:pruzicka@openbsd.cz
Comments
By ghost () on
By Number6 () number6@freesurf.fr on mailto:number6@freesurf.fr
- if you're using DansGuardian with Squid, consider the DansGuardian Anti-Virus Plugin:
http://www.pcxperience.org/dgvirus/
- you can have a look at Viralator:
http://viralator.loddington.com/
- else consider the Squid ICAP client:
http://icap-server.sourceforge.net/squid.html
(enables Squid to speak the ICAP protocol for use with any ICAP-enabled virus scanner, but I'm afraid they are not numerous)
There is also some HTTP proxy in Trend antivirus, but it is commercial ...
I only know these tools by name ....
--
No6