[unisog] Mail Gateway Anti-Virus Products

Greg Francis francis at gonzaga.edu
Thu Mar 28 17:00:21 GMT 2002

> Gary Flynn <flynngn at jmu.edu> asks:
> >
> > I'd be interested in hearing from people doing anti-virus scanning
> > on their mail gateways/servers. In particular:
> >
> > 1) What product are you using and on what server/gateway platform?

We use the E-Mail Sanitizer
(http://www.impsec.org/email-tools/procmail-security.html), a procmail
filter. We have it installed on our two main mail hubs and our main student
mail server. All are running RedHat 7.1 with Sendmail 8.11.6. The mail hubs
examine all inbound mail and any mail that goes between our student mail
server (4500 accounts) and our two Exchange servers. Our Exchange servers
also run Norton Anti-Virus for Exchange.

The filter blocks certain attachment types completely (.exe, .com, etc.),
examines Word and Excel documents for hostile code (not specific viruses),
and optionally alters certain tags within HTML mail. It doesn't look for any
known virus signatures unless we add a specific attachment name to the
blocked list.

> > 2) How effective has it been?

In the six months it has been installed, we have had only one significant
virus incident on our Exchange servers which was caused by someone getting a
virus through another mail provider while Outlook was running on their
workstation. We have been very pleased with it. I no longer fear the next
big Outlook/Exchange virus. Also, our users have not noticed significant
drawbacks to the blocked attachment types except that certain e-cards can't
get delivered.

> > 3) How stable has it been?

Since there's no daemon running, there's no long-term process to die. It's
invoked on the arrival of every message (about 40,000 a day for us on the
main hub). I have had some virus reports in NAV for Exchange that the filter
didn't appear to catch. It appears that they were viruses compressed using
.zip, etc. Overall, I have no complaints about stability.

> > 4) How much did it affect mail gateway/server performance?

Our main mail hub is a single PIII-850 with 512MB RAM and UW-SCSI.
Performance has not been an issue. Our backup mail hub is even smaller. The
main student server is 2x700MHz Xeon (1MB Cache) with 1GB RAM. Performance
has not been an issue on it either.

I was initially concerned about the impact it would have, but I've been
pleasantly surprised.

> > 5) The approximate pricing.

No cost. I looked into getting anti-virus software on these systems and the
cost was way out of our range.


Greg Francis, Sr. System Administrator
Central Computing and Network Support Services
Gonzaga University -- Spokane, Washington
509-323-6896    francis at gonzaga.edu
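
The following is an added illustration, not part of the post above and not the E-Mail Sanitizer's own code: a gateway-side check that blocks attachments by extension, as the post describes, and also lists the members of .zip attachments, the case the post reports slipping past the filter. The block list beyond .exe and .com, the function names, and the choice to flag unreadable archives are assumptions; the sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list: the post names only .exe and .com ("etc" is left unfilled).
BLOCKED = {".exe", ".com"}

def ext(name):
    """Lowercased final extension, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw, look_inside_zip=True):
    """Return (attachment, zip_member_or_None) pairs that violate the block list."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue
        if ext(name) in BLOCKED:
            hits.append((name, None))
        elif look_inside_zip and ext(name) == ".zip":
            try:
                data = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                # Assumed policy choice: an archive we cannot list is flagged.
                hits.append((name, "<unreadable archive>"))
                continue
            hits.extend((name, m) for m in members if ext(m) in BLOCKED)
    return hits

# Constructed sample inputs for the demonstration (not from the post).
def sample_message(filename, data):
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zip_of(member, data=b"placeholder bytes"):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    return buf.getvalue()
```

With `look_inside_zip=False` the check behaves like a plain attachment-name filter and passes a blocked file wrapped in a .zip; with the default it reports the archive and the offending member.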
