[unisog] Mail Virus/Trojan Scanners

Russell Fulton r.fulton at auckland.ac.nz
Sun Nov 11 21:15:11 GMT 2001


On Fri, 9 Nov 2001 09:08:16 -0800 Drew Schaffner <drew at bioeng.ucsd.edu> 
wrote:

> 
> We are currently looking into options for implementing
> a virus/trojan scanner for our mail gateway running on
> a Linux platform. I would like to get feedback from the
> members of this list on their experiences with the
> following tools, or possibly ones I've missed. Also
> feedback regarding experiences with the actual scan
> engines (Sophos, Trend Micro, NAI, AVP, etc..) would
> be appreciated.
> 
> Considerations for a product include price for the
> scan engine and keeping it current from year to year,
> scanning of inbound as well as outbound messages, and
> timely signature updates.
>

There is also inflex and its commercial sibling xamine.
 
http://www.pldaniels.com/inflex/index.html

We recetnly tried inflex but our mailserver could not handle the 
additional load.  Inflex is written entirely in shell script and I 
suspect it could be sped up considerably by translating it to perl.  
Xamine is written in C and is supposedly much faster, but it isn't 
available for solaris at the moment.

Paul Daniels was very helpful in supporting inflex during our 
trial.

So I would like to add a question to this discussion:
How much additional crunch to you need to do AV scanning on mail?

(yeah, I know it depends on all sorts of things, like the proportion of 
MIME messages etc. but I would be very greatful for any seat of the 
pants estimates.)

Our mail server is currently handling hourly peaks of just over 10,000 
messages per hour and currently peaks at about 30% cpu utilization.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand



More information about the unisog mailing list