[unisog] Mail Virus/Trojan Scanners
r.fulton at auckland.ac.nz
Sun Nov 11 21:15:11 GMT 2001
On Fri, 9 Nov 2001 09:08:16 -0800 Drew Schaffner <drew at bioeng.ucsd.edu>
> We are currently looking into options for implementing
> a virus/trojan scanner for our mail gateway running on
> a Linux platform. I would like to get feedback from the
> members of this list on their experiences with the
> following tools, or possibly ones I've missed. Also
> feedback regarding experiences with the actual scan
> engines (Sophos, Trend Micro, NAI, AVP, etc..) would
> be appreciated.
> Considerations for a product include price for the
> scan engine and keeping it current from year to year,
> scanning of inbound as well as outbound messages, and
> timely signature updates.
There is also inflex and its commercial sibling xamine.
We recetnly tried inflex but our mailserver could not handle the
additional load. Inflex is written entirely in shell script and I
suspect it could be sped up considerably by translating it to perl.
Xamine is written in C and is supposedly much faster, but it isn't
available for solaris at the moment.
Paul Daniels was very helpful in supporting inflex during our
So I would like to add a question to this discussion:
How much additional crunch to you need to do AV scanning on mail?
(yeah, I know it depends on all sorts of things, like the proportion of
MIME messages etc. but I would be very greatful for any seat of the
Our mail server is currently handling hourly peaks of just over 10,000
messages per hour and currently peaks at about 30% cpu utilization.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
More information about the unisog