[unisog] Mail Gateway Anti-Virus Products

Anne Bennett anne at alcor.concordia.ca
Thu Mar 28 14:34:57 GMT 2002

Gary Flynn <flynngn at jmu.edu> asks:
> I'd be interested in hearing from people doing anti-virus scanning
> on their mail gateways/servers. In particular:
> 1) What product are you using and on what server/gateway platform?

Digital Unix 4.0g, Alpha Server DS20 6/500 with 2 CPUs (this is our main
Unix platform, with 15000 accounts); sendmail/milter 8.12.2; amavisd;

> 2) How effective has it been?

Extremely effective.  The intention is to deploy the scheme to the
other four mail gateways.  No complaints at all from anyone, and much

> 3) How stable has it been?

I'm not satisfied yet; the amavisd milter daemon crashes several times
daily (a cron job runs every five minutes to check for it and start a new
one if necessary).  However, there is one known patch to sendmail that
I have not yet applied and that promises to stabilize milter applications,
and I am not using the latest amavisd.

I do plan to update amavisd as soon as I have a chance, because the
more recent snapshots support "sophie", a daemon which links to the
Sophos library, and greatly reduces the process-spawning overhead
currently required (we now spawn a Sophos "sweep" for every message
part to be scanned).

> 4) How much did it affect mail gateway/server performance?

We definitely see the amavis processes in the process listings, but this
particular host was not affected very much by the additional load.  I
hope for even better results with "sophie".  I am especially curious
to see what will happen on the single-CPU hosts.

> 5) The approximate pricing.

All components are free except for the virus scanner itself, and Sophos's
quotes came with non-disclosure.  I can tell you that I'm very happy with
them, in terms of timeliness of new virus signatures, e-mail notification
of them, and possibility of automating the updates by picking them up
from the Sophos web site.  I'm a little annoyed that they issue a new
software version every month, and you *have* to update it at least every
three months (because the new virus signatures may not be compatible
with software older than that), but the installation is not too onerous,
and I intend to automate that as well.  I can also recommend that you
bargain -- their first quote is not necessarily their best. :-)

Ms. Anne Bennett, Senior Analyst, IITS, Concordia University, Montreal H3G 1M8
anne at alcor.concordia.ca                                        +1 514 848-7606
