Re: Anti-Virus

[Olivier]

Alex  writes:

> Hi,
>
> On Mon, Sep 19, 2016 at 4:18 AM, Olivier  wrote:
>>> On 9/15/2016 10:27 AM, Phil Daws wrote:
 Would be interested to hear of which virus scanners work well for you with 
 Amavis ? Thanks.
>>
>> ClamAV & Kaspersky
>
> Are you using these on Fedora? Debian?

On FreeBSD :)

Olivier

-- 

Re: Anti-Virus

[Alex]

Hi,

On Mon, Sep 19, 2016 at 4:18 AM, Olivier  wrote:
>> On 9/15/2016 10:27 AM, Phil Daws wrote:
>>> Would be interested to hear of which virus scanners work well for you with 
>>> Amavis ? Thanks.
>
> ClamAV & Kaspersky

Are you using these on Fedora? Debian?

Alex
--

Re: Anti-Virus

[Alex]

Hi,

On Fri, Sep 16, 2016 at 8:24 AM, Dino  wrote:

> We use clam-av and sophos and they both seem to work really well
> complimenting each other on the same box.
>
>
> On 9/15/2016 10:27 AM, Phil Daws wrote:
>
> Would be interested to hear of which virus scanners work well for you with 
> Amavis ? Thanks.
>
>
We also implement clamav and sophos, but find that quite a few still get
through.

We've been trying to implement F-Secure, but haven't had any luck getting
it going with amavis. Their support is not helpful, and discourages
implementing it on amavisd at all, and also not on Fedora.

If anyone has success with other scanners, please let us all know.

Re: Anti-Virus

[Olivier]

> On 9/15/2016 10:27 AM, Phil Daws wrote:
>> Would be interested to hear of which virus scanners work well for you with 
>> Amavis ? Thanks.

ClamAV & Kaspersky

Olivier
-- 

Re: Anti-Virus

[Dino]

We use clam-av and sophos and they both seem to work really well 
complimenting each other on the same box.



On 9/15/2016 10:27 AM, Phil Daws wrote:

Would be interested to hear of which virus scanners work well for you with 
Amavis ? Thanks.




--
Hermes Secure Email Gateway
*Hermes Secure Email Gateway*
Hermes Secure Email Gateway combines Open Source technologies such as 
Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail 
under one unified web based Web GUI for easy administration and 
management of your incoming and ougoing email for your organization. 
Anti-spam, anti-virus and anti-malware protection, encrypted S/MIME, 
encrypted PDF and SMTP TLS support, built-in email archiving, end-user 
self-service web gui.


Download the free open-source appliance at:
http://www.deeztek.com/hermes-secure-email-gateway/

Anti-Virus

[Phil Daws]

Would be interested to hear of which virus scanners work well for you with 
Amavis ? Thanks.

Re: Anti-virus for FreeBSD

[Ricky Gutierrez]

Hi, anyone using eset?


-- 
rickygm

http://gnuforever.homelinux.com

Re: Anti-virus for FreeBSD

[Patrick Ben Koetter]

* Olivier Nicole <olivier.nic...@cs.ait.ac.th>:
> Patrick
> >> What anti-virus are you using with FreeBSD? beside ClamAV that is.
> >> 
> >> I had been using Kaspersky for years, but they are withdrawing their
> >> support for FreeBSD, so i will not renew my license in October.
> >
> > Avira's Antivirus program SAVAPI runs on BSDs. They require per user 
> > licenses.
> > You can't buy SAVAPI directly from Avira. You could buy it from us.
> 
> Avira just told me that their Unix offer is EOL June 2016, can you
> concure?

As I wrote: You can't buy SAVAPI directly from Avira. It's OEM technology they
don't sell directly. Systemintegrators, such as us, build a product around
SAVAPI and sell it.

HTH

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Anti-virus for FreeBSD

[Olivier Nicole]

Patrick
>> What anti-virus are you using with FreeBSD? beside ClamAV that is.
>> 
>> I had been using Kaspersky for years, but they are withdrawing their
>> support for FreeBSD, so i will not renew my license in October.
>
> Avira's Antivirus program SAVAPI runs on BSDs. They require per user licenses.
> You can't buy SAVAPI directly from Avira. You could buy it from us.

Avira just told me that their Unix offer is EOL June 2016, can you
concure?

best regards,

Olivier
-- 

Re: Anti-virus for FreeBSD

[Patrick Ben Koetter]

* Olivier Nicole <olivier.nic...@cs.ait.ac.th>:
> Hi,
> 
> What anti-virus are you using with FreeBSD? beside ClamAV that is.
> 
> I had been using Kaspersky for years, but they are withdrawing their
> support for FreeBSD, so i will not renew my license in October.

Avira's Antivirus program SAVAPI runs on BSDs. They require per user licenses.
You can't buy SAVAPI directly from Avira. You could buy it from us.

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Anti-virus for FreeBSD

[Olivier Nicole]

Hi,

What anti-virus are you using with FreeBSD? beside ClamAV that is.

I had been using Kaspersky for years, but they are withdrawing their
support for FreeBSD, so i will not renew my license in October.

So I need a replacement, that has a daemonised version of course.

Best regards,

Olivier

-- 

Re: Amavis and anti-virus engine ?

[Patrick Ben Koetter]

* Jakob Curdes :
> 
> Am 24.02.2016 um 08:41 schrieb Patrick Ben Koetter:
> >* Jakob Curdes :
> >>Yes but for the general audience this does not help very much...
> >There are quite a few vendors where you can buy a scanner based on SAVAPI 
> >like
> >any other regular product. I think it just isn't well known that such 
> >products
> >are out there and that anyone can buy them.
> >
> >p@rick
> >
> Can you give a hint !? I am interested, but I asked Avira and they
> said they do not support Linux any more.

Avira licenses per user. You can send me the number of mailboxes you need to
protect and I can send you a quote.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Amavis and anti-virus engine ?

[Jakob Curdes]

Am 24.02.2016 um 08:41 schrieb Patrick Ben Koetter:

* Jakob Curdes :

Yes but for the general audience this does not help very much...

There are quite a few vendors where you can buy a scanner based on SAVAPI like
any other regular product. I think it just isn't well known that such products
are out there and that anyone can buy them.

p@rick

Can you give a hint !? I am interested, but I asked Avira and they said 
they do not support Linux any more.

JC

Re: Amavis and anti-virus engine ?

[Olivier Nicole]

Per-Erik Persson <pe...@kth.se> writes:

> Has anyone tried a recent clamav with YARA support and yara-rules available?

But why not using yara as yet another anti-virus directly in Amavis?

Best regards,

Olivier

-- 

Re: Amavis and anti-virus engine ?

[Olivier Nicole]

Hi,

I am using Kaspersky (on FreeBSD)

Olivier
-- 

Re: Amavis and anti-virus engine ?

[Jakob Curdes]

Am 23.02.2016 um 19:58 schrieb Per-Erik Persson:

Has anyone tried a recent clamav with YARA support and yara-rules available?
I have just played around with yara but you need to be careful and 
read/understand each rule before dropping it into the clamav DB directory.
There are rules that mark each mail without image and another marks each 
mail with an image. Clamav will detect this as infection and so will 
declare every single mail as infected.


JC

Re: Amavis and anti-virus engine ?

[Jakob Curdes]

Yes but for the general audience this does not help very much...
JC

Re: Amavis and anti-virus engine ?

[Tom Hendrikx]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 23-02-16 21:26, Patrick Ben Koetter wrote:
> * Jakob Curdes :
>> As far as I know, Avira has also discontinued their linux
>> product.
> 
> The scan engine is still available to system integrators. We are
> one of those and like the other integrators we add some magic sauce
> [tm] and wrap the engine into a product of our own.

The Avira Antivir product was indeed discontinued [1], but the SAVAPI
engine [2] is not. This is what Patrick is pointing at.

[1]
https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1491
v
[2] https://www.avira.com/en/oem-antivirus


> 
> 
>> We have augmented clamav with the sanesecurity signatures. I just
>> read about the interesting YARA project and am looking into 
>> adding these rules also.
>> 
>> Also we block .js and the old microsoft office formats.
>> 
>> Up to now this seems to work quite well, we do not see anything 
>> relevant get through.
> 
> ACK
> 
> p@rick
> 
> 
>> On our customer's mail servers we partly run the kaspersky mail 
>> scanner which works very well.
>> 
>> HTH, Jakob
>> 
>> 
>> Am 23.02.2016 um 19:50 schrieb Patrick Ben Koetter:
>>> * Olivier CALVANO :
 what is the best antivirus engine for postfix/amavis ?
 
 Because with clamav, we have a big quantity of crypto locker
 into our mail. We run on CentOS 7
>>> Good engines, which we have used in the past and would
>>> recommend are:
>>> 
>>> - Avira SAVAPI - avast! - Sophos
>>> 
>>> Reasons we think they are good:
>>> 
>>> - Fast - Efficient - Low False-Positive rate - Low impact on
>>> system (they don't install a pletora of additional software) -
>>> Good support
>>> 
>>> We tested and used others as well, but to they were crappy,
>>> instable and/or the vendor left the UNIX market. Some didn't
>>> seem to be trustworthy enough to let them handle our customers
>>> data.
>>> 
>>> You might want to check http://www.av-comparatives.org/ for
>>> regular surveys.
>>> 
>>> p@rick
>>> 
>> 
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWzMTCAAoJEJPfMZ19VO/16MUP/3tvamk0JmRgBA9iV+b20Mps
+jq5jw1VOO9fB8d5qewpcFtG4d2/+1X+d3xM8U34Gdpy/DfsDw9ZpPeaqGlV8jpj
UO8D9adziVX+CX4gWahZ0mDzN6YJZsl82/aJeo6nFBI92uHYu0uZ0SJ8XFKATUbE
PGFiat+nL0A9kKPtp3Dim0gjuHDQVcM0YOVNNb1FYXX9C28//URUDdfHDzb+C658
uBfDnKo8WSdbhCkybV9ZmZQUOXKzbhz8CelJkur0ejOgFOme+/qFMtJxguOQVxbr
3RZNeoFWfkDWQy8JNCYmkpDFbHNrQSkhzY08QLkOqsfvdKroKh+mpPukzLAZj86d
N3gmkAYPcmHWb+OcbngH6i5FCwLVmVNWAd1V8gC4+TVTpZCwe75CrIyE3q5gig+U
EDQbz+RQI16ghLtYtGSxCo/AbAddNcly3ZrABXCz6qwcBl6OncNG1J7zSQZe9M31
9TpHARzSK7mTbHC6V7RoUoyBoApq76R8p1iJrh9x/uu1BHsVfnl8U7gpWciceck8
wNxTwnBR5imslppoFAXdK7SSN6BuyzjNKpi+NDZ79DncWod4GiX2xzZX3Wsh5H4A
10zpOtpjd8df/R5cWl5Eh98RzirqXZ9w40j+Ol4Fr/fFFMihbJgQMGJgbAdDpzum
3y+Sha2tsuJcRhlR0NDX
=LTvD
-END PGP SIGNATURE-

Re: Amavis and anti-virus engine ?

[Patrick Ben Koetter]

* Jakob Curdes :
> As far as I know, Avira has also discontinued their linux product.

The scan engine is still available to system integrators. We are one of those
and like the other integrators we add some magic sauce [tm] and wrap the
engine into a product of our own.


> We have augmented clamav with the sanesecurity signatures.
> I just read about the interesting YARA project and am looking into
> adding these rules also.
> 
> Also we block .js and the old microsoft office formats.
> 
> Up to now this seems to work quite well, we do not see anything
> relevant get through.

ACK

p@rick


> On our customer's mail servers we partly run the kaspersky mail
> scanner which works very well.
> 
> HTH, Jakob
> 
> 
> Am 23.02.2016 um 19:50 schrieb Patrick Ben Koetter:
> >* Olivier CALVANO :
> >>what is the best antivirus engine for postfix/amavis ?
> >>
> >>Because with clamav, we have a big quantity of crypto locker into our mail.
> >>We run on CentOS 7
> >Good engines, which we have used in the past and would recommend are:
> >
> >- Avira SAVAPI
> >- avast!
> >- Sophos
> >
> >Reasons we think they are good:
> >
> >- Fast
> >- Efficient
> >- Low False-Positive rate
> >- Low impact on system (they don't install a pletora of additional software)
> >- Good support
> >
> >We tested and used others as well, but to they were crappy, instable and/or
> >the vendor left the UNIX market. Some didn't seem to be trustworthy enough to
> >let them handle our customers data.
> >
> >You might want to check http://www.av-comparatives.org/ for regular surveys.
> >
> >p@rick
> >
> 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Re: Amavis and anti-virus engine ?

[Jakob Curdes]

As far as I know, Avira has also discontinued their linux product.
We have augmented clamav with the sanesecurity signatures.
I just read about the interesting YARA project and am looking into 
adding these rules also.


Also we block .js and the old microsoft office formats.

Up to now this seems to work quite well, we do not see anything relevant 
get through.
On our customer's mail servers we partly run the kaspersky mail scanner 
which works very well.


HTH, Jakob


Am 23.02.2016 um 19:50 schrieb Patrick Ben Koetter:

* Olivier CALVANO :

what is the best antivirus engine for postfix/amavis ?

Because with clamav, we have a big quantity of crypto locker into our mail.
We run on CentOS 7

Good engines, which we have used in the past and would recommend are:

- Avira SAVAPI
- avast!
- Sophos

Reasons we think they are good:

- Fast
- Efficient
- Low False-Positive rate
- Low impact on system (they don't install a pletora of additional software)
- Good support

We tested and used others as well, but to they were crappy, instable and/or
the vendor left the UNIX market. Some didn't seem to be trustworthy enough to
let them handle our customers data.

You might want to check http://www.av-comparatives.org/ for regular surveys.

p@rick

Re: Amavis and anti-virus engine ?

[Per-Erik Persson]

Has anyone tried a recent clamav with YARA support and yara-rules available?

Re: Amavis and anti-virus engine ?

[Patrick Ben Koetter]

* Olivier CALVANO :
> what is the best antivirus engine for postfix/amavis ?
> 
> Because with clamav, we have a big quantity of crypto locker into our mail.
> We run on CentOS 7

Good engines, which we have used in the past and would recommend are:

- Avira SAVAPI
- avast!
- Sophos

Reasons we think they are good:

- Fast
- Efficient
- Low False-Positive rate
- Low impact on system (they don't install a pletora of additional software)
- Good support

We tested and used others as well, but to they were crappy, instable and/or
the vendor left the UNIX market. Some didn't seem to be trustworthy enough to
let them handle our customers data.

You might want to check http://www.av-comparatives.org/ for regular surveys.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 

Amavis and anti-virus engine ?

[Olivier CALVANO]

Hi

what is the best antivirus engine for postfix/amavis ?

Because with clamav, we have a big quantity of crypto locker into our mail.
We run on CentOS 7


Thanks for your help
regards
Olivier

Re: No anti virus code loaded skipping virus scan

[Dev]

Yes. 

Both is ok. 


 Le 20 juil. 2015 à 17:34, Marius Gologan marius.golo...@gmail.com a écrit :
 
 Hi,
 
 1. Check if antivirus daemon is runing.
 2. Check amavis user is in clamav group and viceversa, clamav user is in
 amavis group.
 
 sudo adduser clamav amavis
 sudo adduser amavis clamav
 
 Marius.
 
 -Original Message-
 From: amavis-users
 [mailto:amavis-users-bounces+marius.gologan=gmail@amavis.org] On Behalf
 Of Dev
 Sent: Monday, July 20, 2015 5:54 PM
 To: amavis-users@amavis.org
 Subject: No anti virus code loaded skipping virus scan
 
 Hey all
 
 I have postfix with amavis  clamav
 
 But when i receive one mail i have in log file : no anti virus code loaded
 skipping virus_scan
 
 Check my amavis config :
 
 HTTP://pastebin.com/DiWgjN3g
 
 Thank you
 

No anti virus code loaded skipping virus scan

[Dev]

Hey all

I have postfix with amavis  clamav

But when i receive one mail i have in log file : no anti virus code loaded 
skipping virus_scan

Check my amavis config :

HTTP://pastebin.com/DiWgjN3g

Thank you