OpenBSD Journal

Anti Virus Solutions

Contributed by jose on from the keeping-the-enterprise-secure dept.

Some time ago someone asked about antivirus products which can be used on OpenBSD. This would include scanning files on a file server, scanning electronic mail, and possibly even scanning network shares (via Samba and the antivirus software).

I used to installed electronic mail firewalls, and I typically started with the Procmail sanitizing ruleset with some additional modifications for the site. While not perfect, it caught most email viruses of both known and suspicious signatures.

Another project worth looking at is OpenAntivirus , which is an open source toolkit which works with commercial antivirus components. This allows for any UN*X system, like OpenBSD, to serve a Windows network. It may be worth seeing if it can be made to work on OpenBSD.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    Check out www.centralcommand.com for antivirus solutions for Windows desktops, Unix email and file servers.

  2. By ArSa () on http://www.aptem.com

    It's very good antivirus overall and it works on open.
    http://www.kaspersky.com/buyonline.html?chapter=748435

    Comments
    1. By Anonymous Coward () on

      Wasn't Kapersky the firm of which their maillist was hijacked and used to send some Virus to all subscribers?

  3. By Noryungi () n o r y u n g i @ y a h o o . c o m on mailto:n o r y u n g i @ y a h o o . c o m


    OpenAntivirus requires Java. Is there a Java machine on OpenBSD?

    I believe Sophos released their antivirus for Linux machines. Is it possible to make it work under OpenBSD with Linux emulation?

    Comments
    1. By Anonymous Coward () on

      They released it for FreeBSD too, which I've been using for quite some time on mail and file servers. It should probably work on Open/Net/BSD using FreeBSD binary emulation but I haven't tried yet. I would definetly recommend Sophos to the original poster (and anyone else), wonderful anti-virus product.

      Comments
      1. By jose () on http://www.monkey.org/~jose/

        sophos stopped supporting freebsd i was told (one person removed from sophos, a sophos customer). however, i have been remarkably disappointed in the detection quality in sophos and their customer support. hence, i didn't want to suggest them. however, if others have had good luck with them, then all the better.

        Comments
        1. By Anonymous Coward () on

          I'm not sure why you've had such bad luck with the detection, I've had nothing but great luck with their products.

          Someone gave you wrong information, they still support FreeBSD. In fact, here are some test results in which their unix software achieved 100% detection. This quote is from the Sophos website so beware of bias (but check the results anyway, they were conducted by a third party):

          "Furthermore, Sophos Anti-Virus was the only product to detect every single in-the-wild virus in the on-demand detection tests conducted on the FreeBSD platform.

  4. By John R Shannon () john@johnrshannon.com on mailto:john@johnrshannon.com

    RAV antivirus is available for OpenBSD to work with mail servers. They have one foe Postfix on OpenBSD and I'm not shure what else. They've got a 30-day trial download, so you might give it a try:

    http://www.ravantivirus.com/

    Comments
    1. By Rémi Guyomarch () rguyomarch@ifn.fr on mailto:rguyomarch@ifn.fr

      One the the best thing in RAV is that it's available for many different Unices and for the main MTAs out there (postfix, sendmail [2 versions], qmail and others). It's nearly a cross-everything solution :)

      The virus database is updated very often and seems to catch everything thrown at it, at least for us. So far we're very happy with it.

      Comments
    2. By Brent Hoerle () on

      My company has been using it for over a year now. It has caught thousands of infected messages. Too many employees (especially in South America) were disabling their Windows AV because "it slows things down"; there have been no infections since.

      After the trial period, I didn't have any touble convincing the company to pay for it. I prefer open source but...

  5. By B Palmer () on

    I played with H+BEDV antivir (http://www.hbedv.com) software in the past. They have OpenBSD binaries available with a free for individual use licensing scheme.

  6. By Anonymous Coward () on

    Has anyone tried clamav (http://clamav.elektrapro.com)? I'm thinking of trying it out in combination with qmail-scanner (http://qmail-scanner.sourceforge.net/), which apparently has support for it.
    According to its website, ClamAV uses the OpenAntiVirus database but is written in C (instead of Java), and it also lists OpenBSD as a working platform. So has anyone tried this software at all? How does it compare to other free virus scanners, and does it/the OpenAntiVirus project come anywhere close to commercial scanners?

    Comments
    1. By Simon () simon@sunsite.dk on mailto:simon@sunsite.dk

      I tried it. I use it.

      Okay, I don't run it on OpenBSD (Sorry).
      Yes, qmail-scanner and ClamAV works great together. Really it's just a matter of installing ClamAV first and the qmail-scanner should find ClamAV.

      Only thing is that ClamAV doesn't have as many virus definitions as commercial virus scanners. However it has definitions for all the current email viruses, so you should be okay.

  7. By Anonymous Coward () on

    Personaly I use batemail to remove all executable attachments. Its a simple perl script that replaces mime attachments that have an executable extension (.exe, .bat, whatever) with a block of text explaining why it was removed. The cool part is you dont have to update everytime some crackhead releases a new virus.

    http://batemail.sourceforge.net/

    Comments
    1. By Bruce () on

      I don't know about batemail, but we use the exact same strategy. We pulled a list of executable extensions off of Google somewhere for our list, and there were almost 40 of them, not including .doc, .xls and a few other office types which could contain macros but which we let through because we need to.

      Since filtering this way almost 2 years ago we have had a few hundred viruses punted, a handful of false positives, (self-extracting archives; plain ZIPs, please) and one virus that got through because the content-name was messed up. Didn't work anyway, like that.

      If only spam was that easy to handle.

      We still run Norton Corporate AV on our desktops, but it doesn't have much to do. Nobody seems to make non-Outlook viruses anymore. I even had to download an EICAR test virus recently to convince myself Norton was still working.

    2. By number6 () number6@freesurf.fr on mailto:number6@freesurf.fr

      Does it handle invalid MIME stuff ?
      Some K-lez and BugBear variants use this scheme
      to bypass attachment filtering/removing tools.

      Comments
      1. By Anonymous Coward () on

        Some older versions had a problem with klez due to invalid mime but a fix has been in the script for some time.

  8. By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/

    My company is using the Sophos Antivirus with Qmail and the QScan filter.

    It works extremely well on OpenBSD with the FreeBSD emulation, and a trivial shell script is enough to automatically update the signature database.

    Comments
    1. By Anonymous Coward () on

      I can second the sophos+qmail solution (although I am using linux for the job). Sophos is top notch.

    2. By Anonymous Coward () on

      Here's a link to an update script from the amavis.org website. I had to make some minor modifications for it to match my needs.

      Comments
      1. By Number6 () number6@freesurf.fr on mailto:number6@freesurf.fr

        Have also a look at :
        http://www.ijs.si/software/sophos-ide-update/
        and also in the MailScanner tarball
        (http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml)
        --
        No6

  9. By Petr Ruzicka () pruzicka@openbsd.cz on mailto:pruzicka@openbsd.cz

    Anybody knows any antivirus solution for Squid (and for OpenBSD) ? I have great experiences with RAV, however it is only available for mail traffic. I know VirusWall, MicroTrends doesn't have it for OpenBSD and it is expensive as well. any clues ?

    Comments
    1. By ghost () on

      http://sourceforge.net/project/showfiles.php?group_id=10590&release_id=68273

    2. By Number6 () number6@freesurf.fr on mailto:number6@freesurf.fr

      Hi Petr,

      - if you're using DanGuardian with Squid consider DansGuardian Anti-Virus Plugin
      http://www.pcxperience.org/dgvirus/
      - you can have a look at Viralator :
      http://viralator.loddington.com/
      - else consider Squid ICAP client
      http://icap-server.sourceforge.net/squid.html
      (enables squid to speak the ICAP protocol for
      use with any ICAP-enabled virus scanner but I'm
      afraid there are not numerous)
      There is also some HTTP-proxy in Trend
      antivirus but it is commercial ...

      I only know these tools by name ....

      --
      No6

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]