[unisog] Mail Gateway Anti-Virus Products

Richard Gadsden gadsden at musc.edu
Thu Mar 28 16:02:23 GMT 2002


On Wed, 27 Mar 2002, Gary Flynn wrote:

> I'd be interested in hearing from people doing anti-virus scanning
> on their mail gateways/servers. In particular:
> 
> 1) What product are you using and on what server/gateway platform?
> 2) How effective has it been?
> 3) How stable has it been?
> 4) How much did it affect mail gateway/server performance?
> 5) The approximate pricing.

We use a simple tool called RenAttach on our imap servers and have been
very pleased with the results; it has greatly reduced (virtually
eliminated) email-borne malware as a problem on our campus.

We use RenAttach on our Solaris and Linux imap servers, all of which run
sendmail and cyrus. It has no significant effect on server performance and
we have had zero problems with it. It consists of a single binary built
from GPLed C source, and one simple configuration file.

Pro's:

 - very easy to install and maintain, very low processing overhead
 - attachments are never blocked, they are just sanitized to an extent,
therefore user training/acceptance issues are minimized
 - the actual content of message bodies and attachments are not inspected,
therefore user privacy issues are avoided

Con's (in the typical configuration):

 - macro viruses and the like won't be sanitized
 - outgoing email won't be sanitized

In our configuration, RenAttach filters all email being delivered to all
of our imap mailboxes. We have written complete documentation on how we've
integrated RenAttach with sendmail and cyrus which I can share if there's
interest (the author of RenAttach has not yet included our documentation
in his distribution).

RenAttach is available here: <http://www.pc-tools.net/linux/>

 --- o ---
 Richard Gadsden
 Medical University of South Carolina



More information about the unisog mailing list