alternative Antivirus & Antispam

[nuk1]

Hello Community,


we think about it to use the scalix in our company but there is one questen are they other antivirus or antispam programs who runs with scalix or are only the 2 product who named on the homepage 100% kompatible with scalix.

best regards

[les]

You can use any antispam/ antivirus tools you like. You can even run them on a seperate server and relay mail through that as a gateway.

The commtouch product uses a milter interface to talk to scalix, its commercial, i've never used it.

Scalix will filter via sendmail using SMTPFILTER. So all you need to do is find sometihng compatible with sendmail. Spamassassin and ClamAV are excellent freeware choices.
Mailscanner and mimedefang are a couple of others people have used successfully.

On the other hand people have also replaced sendmail with a postfix/ amavis solution.

Possibilities are vast, i've never had any issues with using Spamassassin and ClamAV and they are Free tools.

[ebhannes]

Hi les,

Could you tell me some details how you have configured clamav, that you get information about
- which email was infected (i can only see e.g. ~scalix/data/2324hg as infected)
- how to get a separate admin notification about users which sends or receives virus mails,
- how to put mails in quarantaine instead of deleting or just inform the sender (what an unuseful feature!)

I have absolutely no control about clamav. btw. Mailscanner is fishing at the front mailserver.

Bye
Hannes

[les]

Hi les,

Could you tell me some details how you have configured clamav, that you get information about
- which email was infected (i can only see e.g. ~scalix/data/2324hg as infected)
- how to get a separate admin notification about users which sends or receives virus mails,
- how to put mails in quarantaine instead of deleting or just inform the sender (what an unuseful feature!)

I have absolutely no control about clamav. btw. Mailscanner is fishing at the front mailserver.

Bye
Hannes

If you want that sort of information you need something like mailscanner or xamime or similar which has a quarantine area.

[ebhannes]

Thanks les,
but more interesting for me would be your dealing with this lack of information.
anyway...
that means that my next task should be the installation of mailscanner with clam.
Hopefully my scalixvm will not suffer from this.

bye
Hannes

[les]

Thanks les,
but more interesting for me would be your dealing with this lack of information.

Why would you want all that for virii???

Virii use fake sending addresses. What's the point of knowing the "supposed" originating address?
How will you ever determine if a virus really came from the address it said it did? and would you have the time? i'm too busy ;)

And why bother quarantining virii? If its a virus i don't want to know about it. In 99.99% of cases the message carries no legit data, just the virus payload and a mix of made up text.

Now spam, thats different. There are more compelling reasons to have a quarantine for spam related email.

[ebhannes]

that's exactly what bothers me when using sclix configuration clam, you get the pitty info about the sender, and you're right, this i don't want to know.
But i want to know, in case of false positive which email is involved.
Most infections are removed by out mailscanner/mcafee, which i think is more relyable than clam. but from time to time there are infected mails coming through (clam says that, and no way to proof that!) and i miss the possibility to doublecheck that.


bye

[les]

But i want to know, in case of false positive which email is involved.
Most infections are removed by out mailscanner/mcafee, which i think is more relyable than clam. but from time to time there are infected mails coming through (clam says that, and no way to proof that!) and i miss the possibility to doublecheck that.

Cant say that i've come across any false positives with clamav yet.

If you're already scanning with mailscanner/mcafee out front do you need clamav on the scalix box also?
If i had that situation and had desktop AV on all pc's i wouldn't put AV into the scalix box.

[ebhannes]

a local scan is necessary for our webmail user.