Going from WinNT to Linux - Mail server virus scanning

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Sun, 06 Oct 2002 10:14:02



I will soon be replacing a WinNT box with Linux. (30 network users)
One facility on the NT box that works real well is the pop3/smtp email
server and virus scanning.
On the NT box:
   1. pop3/smtp email server - IMail from
http://www.ipswitch.com/products/IMail_Server/index.html
   2. gateway - Declude Virus from http://www.declude.com/Virus/index.html
   3. virus scanner - F-Prot from http://www.f-prot.com/index2.html

This is the one part of the NT system that I am reluctant to replace - it
works real well. All incoming email and attachments are scanned for viruses
and quantined. I get about 3 automatic emails from the site saying it caught
something.
Declude is nice cuz it coordinates the virus checking. It calls F-Prot and,
if F-Prot says the email has a virus, Declude quarantines it and sends
emails to: the sender, the recipient, the system admin person and me.

On the Linux box I think I can still use F-Prot for virus protection cuz
they say they have a Linux version.

Question:
1. What is good gateway software that provides the functionality of Declude
Virus?
2. And what is good email pop3 (and maybe imap4) software?

Thanks
Archie Campbell

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Hale » Sun, 06 Oct 2002 11:05:04



> I will soon be replacing a WinNT box with Linux. (30 network users)
> One facility on the NT box that works real well is the pop3/smtp email
> server and virus scanning.
> On the NT box:
>    1. pop3/smtp email server - IMail from
> http://www.ipswitch.com/products/IMail_Server/index.html
>    2. gateway - Declude Virus from http://www.declude.com/Virus/index.html
>    3. virus scanner - F-Prot from http://www.f-prot.com/index2.html

> This is the one part of the NT system that I am reluctant to replace - it
> works real well. All incoming email and attachments are scanned for viruses
> and quantined. I get about 3 automatic emails from the site saying it caught
> something.
> Declude is nice cuz it coordinates the virus checking. It calls F-Prot and,
> if F-Prot says the email has a virus, Declude quarantines it and sends
> emails to: the sender, the recipient, the system admin person and me.

> On the Linux box I think I can still use F-Prot for virus protection cuz
> they say they have a Linux version.

> Question:
> 1. What is good gateway software that provides the functionality of Declude
> Virus?
> 2. And what is good email pop3 (and maybe imap4) software?

> Thanks
> Archie Campbell

How about kaspersky;

http://www.kaspersky.com/

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Michael Heimin » Sun, 06 Oct 2002 19:15:02



Quote:> Question:
> 1. What is good gateway software that provides the functionality
> of Declude Virus?

Never heard about. However, www.amavis.org has a wrapper that works
great with sendmail/postfix, perhaps other MTAs.

Quote:> 2. And what is good email pop3 (and maybe imap4) software?

qpopper (POP3)

Michael Heiming
--
Remove the +SIGNS case mail bounces.

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Mon, 07 Oct 2002 07:29:33


Hale
re: "How about kaspersky; http://www.kaspersky.com/ "
Not quite what I was looking for.
Kaspersky is a virus scanner, similar to F-Prot which I already use and
like.
.
I am looking for a program that will scan emails coming in to the POP3 mail
server running on the Linux box.
This program would then call a virus scanner of my choice (like F-Prot or
MacAfee or ...)

Archie



> > I will soon be replacing a WinNT box with Linux. (30 network users)
> > One facility on the NT box that works real well is the pop3/smtp email
> > server and virus scanning.
> > On the NT box:
> >    1. pop3/smtp email server - IMail from
> > http://www.ipswitch.com/products/IMail_Server/index.html
> >    2. gateway - Declude Virus from

http://www.declude.com/Virus/index.html
Quote:> >    3. virus scanner - F-Prot from http://www.f-prot.com/index2.html

> > This is the one part of the NT system that I am reluctant to replace -
it
> > works real well. All incoming email and attachments are scanned for
viruses
> > and quantined. I get about 3 automatic emails from the site saying it
caught
> > something.
> > Declude is nice cuz it coordinates the virus checking. It calls F-Prot
and,
> > if F-Prot says the email has a virus, Declude quarantines it and sends
> > emails to: the sender, the recipient, the system admin person and me.

> > On the Linux box I think I can still use F-Prot for virus protection cuz
> > they say they have a Linux version.

> > Question:
> > 1. What is good gateway software that provides the functionality of
Declude
> > Virus?
> > 2. And what is good email pop3 (and maybe imap4) software?

> > Thanks
> > Archie Campbell

> How about kaspersky;

> http://www.kaspersky.com/

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Mon, 07 Oct 2002 07:47:09


Michael
1. Thanks for the tip on qpopper and amavis

I am still a bit confused, however..

If I pick qpopper as POP3 server, then get amavis and link to to some virus
scanning utility like F-Prot, am I done? Do I have all incoming emails virus
scanned.

Maybe I have to shift my thinking a bit.
AMaViS has nothing to do with the POP3 server.
It works with sendmail who is the SMTP guy.
So with AMaVis, F-Prot and sendmail I get all SMTP traffic, in and out
bound, scanned for virus's.
Yeah?

Thanks
Archie



> > Question:
> > 1. What is good gateway software that provides the functionality
> > of Declude Virus?

> Never heard about. However, www.amavis.org has a wrapper that works
> great with sendmail/postfix, perhaps other MTAs.

> > 2. And what is good email pop3 (and maybe imap4) software?

> qpopper (POP3)

> Michael Heiming
> --
> Remove the +SIGNS case mail bounces.

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Michael Heimin » Mon, 07 Oct 2002 15:15:32



Quote:> Michael
> 1. Thanks for the tip on qpopper and amavis
[..]  
> Maybe I have to shift my thinking a bit.
> AMaViS has nothing to do with the POP3 server.
> It works with sendmail who is the SMTP guy.
> So with AMaVis, F-Prot and sendmail I get all SMTP traffic, in and
> out bound, scanned for virus's.
> Yeah?

Yes, that's right, scanning works with the MTA (sendmail/postfix)
and alike, amavis is just a wrapper, that hands over the mails to,
whatever scanner you are using, like McAffe, Sophos and alike, you
can use multiple scanner at the same time, just be sure that the
box has enough RAM and not the slowest CPU, scanning needs some
resources. Outgoing mail will be scanned although. Try:
http://www.sendmail.org/email-explained.html

Could you please stop top posting.

Why NOT top post?
http://www.i-hate-computers.demon.co.uk/
http://www.netmeister.org/news/learn2quote2.html
http://www.jsiinc.com/newsgroup_document.htm
http://fmf.fwn.rug.nl/~anton/topposting.html
http://allmyfaqs.com/cgi-bin/wiki.pl?Top-posting_or_bottom-posting

Good luck

Michael Heiming
--
Remove the +SIGNS case mail bounces.

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Chief » Tue, 08 Oct 2002 00:21:32


05 Oct 2002 22:47 UTC, Archie Campbell typed:

Quote:> Michael
> 1. Thanks for the tip on qpopper and amavis

Qpopper is *very* nice.

Quote:> I am still a bit confused, however..

You'll get used to that feeling with Linux/Unix :-)

[snip]

Quote:> So with AMaVis, F-Prot and sendmail I get all SMTP traffic, in and out
> bound, scanned for virus's.

I would recommend Exim. A drop in replacement for Sendmail, but much
easier to configure (also favoured by the big UK ISP's). There's also
a patch available against Exim that allows external virus scanning or
spam scoring/deletion (SpamAssassin).

Details:
        http://freshmeat.net/projects/exiscan/

exiscan homepage:
        http://duncanthrax.net/exiscan/

One observation worth a mention. The Inoculate virus scanner fails to
detect viruses in Unix type mailbox files that F-Prot finds every time.
It does find them once the attachment has been decoded, but...

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Tue, 08 Oct 2002 04:59:42


Michael
re" Could you please stop top posting?."

Thanks for the links. I had no idea there were guidelines for this stuff.

I do not like leaving the entire original message and then putting my
comments after.
Rather, I prefer to pluck out the relevant points, put them at the top and
reply to them.
I failed to do this on yours, sorry
.
I found the following which I think encourages what I normally do.
Excepted from rfc1855
- if you are sending a reply to a message or a posting be sure you summarize
the original at the top of the message, or include just enough text of the
original to give a context. this will make sure readers understand when they
start to read your response. since netnews, especially, is proliferated by
distributing the postings from one host to another, it is possible to see a
response to a message before seeing the original. giving context helps
everyone. but do not include the entire original!

Yeah?

Any additional comments appreciated.

Thanks
Archie

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Tue, 08 Oct 2002 05:15:09



<snip>

Quote:> I would recommend Exim. A drop in replacement for Sendmail, but much
> easier to configure (also favoured by the big UK ISP's). There's also
> a patch available against Exim that allows external virus scanning or
> spam scoring/deletion (SpamAssassin).

<snip>

I think I am now getting the difference between the existng NT environment
and where I am going on Linux.
Does the following make sense?

On NT I have:
  1. IMail for smtp and pop3
  2. Declude which links to IMail, checks all pop3 mail and calls F-Prot for
virus protection
  3. F-Prot which does the virus scanning

On Linux I could have
  1. SMTP - sendmail or Exim or ..
  2. POP3 - qpopper or ...
  3. AMaViS that works with sendmail and could call F-Prot to do the virus
scanning
  4. F-Prot - virus scanning.

Question:
If I get "the patch available against Exim that allows external virus
scanning http://freshmeat.net/projects/exiscan/ "
this means I don't need AMaViS.
Yeah?

Thanks
Archie Campbell

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Garry Knigh » Tue, 08 Oct 2002 07:23:17



> Michael
> re" Could you please stop top posting?."

> Thanks for the links. I had no idea there were guidelines for this stuff.
[...]
> Any additional comments appreciated.

There's a newsgroup called news.announce.newusers in which about a dozen
articles are posted every month or so. All of them are useful to Usenet
users.

--
Garry Knight

Linux registered user 182025

 
 
 

Going from WinNT to Linux - Mail server virus scanning

Post by Archie Campbel » Tue, 08 Oct 2002 07:40:43




> > Michael
> > re" Could you please stop top posting?."

> > Thanks for the links. I had no idea there were guidelines for this
stuff.
> [...]
> > Any additional comments appreciated.

> There's a newsgroup called news.announce.newusers in which about a dozen
> articles are posted every month or so. All of them are useful to Usenet
> users.

> --
> Garry Knight

> Linux registered user 182025

Thanks Garry
I will subscribe to it.
Archie
 
 
 

1. Virus scanning mail server for BSD or Linux

Hi,

I'm running a small ISP, currently using entirely FreeBSD 3.1 servers.  We
use Sendmail 8.9.2 for mail.

We would like to add the facility for virus checking of all email that goes
in and out of our servers.  I've looked into this and found several
SMTP-based products for Windows NT, and a couple for Solaris, but I can't
find any that would run on my current FreeBSD servers.  The nearest I've
found is a product for SCO - which I believe FreeBSD can emulate - however I
dont know if this emulation would be good enough for a production server.

I'd be very surprised if there were any products that support FreeBSD
natively, but of course I can run BSDi and Linux binaries fairly easily
through emulation (and I have succesfully used binaries like this on
production servers without problems; the emulation seems excellent).

If needs be, I could even install a stand alone Linux server, e.g. if
there's a product that works under Linux but wont run (well) under
emulation.  But I really dont want to have to install a NT server for this
(I'd love to install a Sparc server running Solaris.. but couldnt justify
the cost yet)

If anyone knows of any products or solutions that would work, then I would
be most appreciative.

Thanks,

Tom

2. A simple question.

3. Samba server and virus scanning on Linux

4. Solaris SPARC DHCP client and hme hardware address

5. Mail-Virus-Scanning

6. Ncurses guide?

7. How safe is this: Automatic scanning of mails for virus (LONG)

8. notepad-like editor?

9. outgoing mail virus scan

10. Scanning SMTP mail for virus

11. virus scanning software for file servers?

12. Netscape Proxy Server & Virus scan

13. Howto make mail to my domain go to my ISP mail server.