Scalix Forums


http://www.scalix.com/forums/

McAfee Anit-Virus

http://www.scalix.com/forums/viewtopic.php?f=2&t=180

Page 1 of 1

McAfee Anit-Virus

Posted: Wed Feb 23, 2005 12:32 pm
by Stephen
What version of McAfee is supported with Scalix 9.1 and 9.2.

Posted: Fri Feb 25, 2005 5:49 am
by ScalixSupport
The testing was originally done with McAfee VirusScan for UNIX version 4.24.0.

If the command-line scan has changed between McAfee versions, you need to make changes to ~scalix/sys/omvscan.cfg to specify the correct parameters

Cheers

Dave

Scan results

Posted: Fri Feb 25, 2005 10:17 am
by Stephen
Dave,

I have a production Scalix server that has been running ClamAV as the virus protection. The site had it set fup or evaluation for 2 months before going live. During that time it was not protected. So I ran ClamAV on the data store and it found 14 viruses, trojens, etc. I had ClamAV move the file to a tmp directory.

- Then ran uvscan on the bad files in the tmp dir using the switches in the omvscan.cfg file and it found 3 of 14 viruses. It saw a couple of others as corrupted zip files.
- A day later I ran ClamAV on the ~scalix/data directory and found 4 viruses, trojan, phishing, etc. Note that ClamAV was running at the service router and the users have Trend on the Desktop. I also sent a known virus through the system and it was detected and cleaned.
- then I immediately ran McAfee uvscan on the ~scalix/data directory and found 15 more.

Two things stand our to me. Some of the viruses get through. And I'd like to run both McAffeeand ClamAV if possible.

Do you know if it is possible to run both ClamAV and McAfee together on the SR?
And what are the long term affect of running a cron to check the data staore? I suspect l omscan will be fine, but would like a second opion.

Cheers,

Stephen

Posted: Fri Feb 25, 2005 10:20 am
by ScalixSupport
To have more than one virus scanner running would require changes to the omvscan.map file and/or the omvscan.cfg file.

With regards to scanning the message store, this is not advisable because Scalix does not store messages as 1 per file (or attachment) this may give you false positives.

Cheers

Dave

dual scan configuration

Posted: Fri Feb 25, 2005 10:34 am
by Stephen
In the omvscan.cfg file is it possible to specify both engines? Something like,
ANTI_VIRUS_ENGINE="ClamAV, McAfee Virus Scam"

Or is a rewrite of the omvscan.map necessary?

Cheers,

Stephen

Posted: Fri Feb 25, 2005 10:36 am
by ScalixSupport
omvscan.map is necessary because it currently maps the name specified in the ANTI_VIRUS_ENGINE setting to a section in omvscan.cfg which defines the commands to run.

Cheers

Dave
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/