[unisog] Mail Gateway Anti-Virus Products
anne at alcor.concordia.ca
Thu Mar 28 14:34:57 GMT 2002
Gary Flynn <flynngn at jmu.edu> asks:
> I'd be interested in hearing from people doing anti-virus scanning
> on their mail gateways/servers. In particular:
> 1) What product are you using and on what server/gateway platform?
Digital Unix 4.0g, Alpha Server DS20 6/500 with 2 CPUs (this is our main
Unix platform, with 15000 accounts); sendmail/milter 8.12.2; amavisd;
> 2) How effective has it been?
Extremely effective. The intention is to deploy the scheme to the
other four mail gateways. No complaints at all from anyone, and much
> 3) How stable has it been?
I'm not satisfied yet; the amavisd milter daemon crashes several times
daily (a cron job runs every five minutes to check for it and start a new
one if necessary). However, there is one known patch to sendmail that
I have not yet applied and that promises to stabilize milter applications,
and I am not using the latest amavisd.
I do plan to update amavisd as soon as I have a chance, because the
more recent snapshots support "sophie", a daemon which links to the
Sophos library, and greatly reduces the process-spawning overhead
currently required (we now spam a Sophos "sweep" for every message
part to be scanned).
> 4) How much did it affect mail gateway/server performance?
We definitely see the amavis processes in the process listings, but this
particular host was not affected very much by the additional load. I
hope for even better results with "sophie". I am especially curious
to see what will happen on the cingle-CPU hosts.
> 5) The approximate pricing.
All components are free except for the virus scanner itself, and Sophos's
quotes came with non-disclosure. I can tell you that I'm very happy with
them, in terms of timeliness of new virus signatures, e-mail notification
of them, and possibility of automating the updates by picking them up
from the Sophos web site. I'm a little annoyed that they issue a new
software version every month, and you *have* to update it at least every
three months (because the new virus signatures may not be compatible
with software older than that), but the installation is not too onerous,
and I intend to automate that as well. I can also recommend that you
bargain -- their first quote is not necessarily their best. :-)
Ms. Anne Bennett, Senior Analyst, IITS, Concordia University, Montreal H3G 1M8
anne at alcor.concordia.ca +1 514 848-7606
More information about the unisog