adding AV scanning to working Postfix/SA system


adding AV scanning to working Postfix/SA system

Joe Acquisto-j4
Not to waste anyone's time, but I posted this on SA list and a Sophos site, but, came up with zip. Not even a "do-dah".  Beyond "experiences", any leads to general "how to" guides that work in practice?

>> SOHO system, on virtual machines.   Fairly recent versions. Running openSUSE Leap 15.1.

Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,

I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.

Any experiences?



---------------------------------
       j4computers, llc
   Stone Ridge, NY 12484
        845-687-3734
   www.j4computers.com
---------------------------------

Re: adding AV scanning to working Postfix/SA system

Dominic Raferd

On 23/11/2020 16:34, Joe Acquisto-j4 wrote:
> Not to waste anyone's time, but I posted this on SA list and a Sophos site, but, came up with zip. Not even a "do-dah".  Beyond "experiences"
> any leads to general "how to: guides that work in practice?
>
>>> SOHO system, on virtual machines.   Fairly recent versions. Running openSUSE Leap 15.1.
> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
>
> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.
>
> Any experiences?
None with Sophos products on Linux. But I use amavis as content-filter
and it in turn calls SA (which presumably you already know about) and
ClamAV. ClamAV works well provided you add various 3rd-party signatures.
I know of two tools to assist with these:
https://github.com/extremeshok/clamav-unofficial-sigs and the newer
https://github.com/rseichter/fangfrisch.
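
The arrangement described in the reply above (Postfix hands mail to amavis as a content filter, and amavis calls SpamAssassin and ClamAV) is usually wired up as follows. This is an added example, not part of the original post; ports 10024/10025 are the conventional amavis defaults and the clamd socket path is an assumption to check against your own clamd.conf.

```conf
# --- /etc/postfix/main.cf: hand every message to amavis on loopback ---
content_filter = smtp-amavis:[127.0.0.1]:10024

# --- /etc/postfix/master.cf: client transport that talks to amavis ---
smtp-amavis unix  -  -  n  -  2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# --- /etc/postfix/master.cf: re-injection listener for scanned mail ---
# Loopback only, and only loopback clients may submit; otherwise this port
# becomes an unfiltered path into the queue.
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

# --- amavisd.conf (Perl syntax) ---
$inet_socket_port = 10024;                      # port Postfix delivers to
$forward_method   = 'smtp:[127.0.0.1]:10025';   # where scanned mail is re-injected
# @bypass_virus_checks_maps = (1);  # must stay commented out, or AV is skipped

@av_scanners = (
  ['ClamAV-clamd',
    # Assumed socket path; use the LocalSocket value from your clamd.conf.
    \&ask_daemon, ["CONTSCAN {}\n", "/run/clamav/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
```

With `CONTSCAN`, clamd opens the unpacked files itself, so the account clamd runs as needs read access to the amavis work directory. Sending the EICAR test file through the server confirms that the scanner is actually being invoked.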

Re: adding AV scanning to working Postfix/SA system

michael Schumacher
In reply to this post by Joe Acquisto-j4
Joe,

> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.

I am using amavis with clamav. Sorry, no additional commercial virus scanners, but I noticed that amavis.conf contains setups for a lot of commercial virus scanners. May be worth a look.

Michael


Re: adding AV scanning to working Postfix/SA system

Richard Siddall
michael Schumacher wrote:

> Joe,
>
>> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
>> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.
>
> I am using amavis with clamav. Sorry, no additional commercial virus scanners, but I noticed that amavis.conf contains setups for a lot of commercial virus scanners. May be worth a look.
>
> Michael
>
>

FWIW, I was going to say my impression is amavis-new was the hot ticket
several years ago, but is losing market share to rspamd.
https://rspamd.com/doc/modules/external_services.html says rspamd has
been tested with Sophos (via SAVDI).  My amavisd.conf says it works with
Sophie (unmaintained since 2004), Sophos SAVE via SAVI-Perl
(https://metacpan.org/release/SAVI-Perl from 2005), and as a last resort
Sophos sweep.


Re: adding AV scanning to working Postfix/SA system

Joe Acquisto-j4
> michael Schumacher wrote:
>> Joe,
>>
>>> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
>>> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.
>>
>> I am using amavis with clamav. Sorry, no additional commercial virus scanners, but I noticed that amavis.conf contains setups for a lot of commercial virus scanners. May be worth a look.
>>
>> Michael
>>
>>
>
> FWIW, I was going to say my impression is amavis-new was the hot ticket
> several years ago, but is losing market share to rspamd.
> https://rspamd.com/doc/modules/external_services.html says rspamd has
> been tested with Sophos (via SAVDI).  My amavisd.conf says it works with
> Sophie (unmaintained since 2004), Sophos SAVE via SAVI-Perl
> (https://metacpan.org/release/SAVI-Perl from 2005), and as a last resort
> Sophos sweep.

I'll have a look, thanks.  The links to those references on the amavis docs page seem to
be out of date, as they lead to dead ends, far as I could tell.





---------------------------------
       j4computers, llc
   Stone Ridge, NY 12484
        845-687-3734
   www.j4computers.com
---------------------------------

Re: adding AV scanning to working Postfix/SA system

Kenren Taisho
In reply to this post by Richard Siddall
Hi Richard,

Amavisd-new can be extended to support SAVDI. I am using it in one of my installations. Just Google search amavisd + savdi, there are numerous documents on how to do so.

Kind regards

On Tue, Nov 24, 2020, 9:07 PM Richard Siddall <[hidden email]> wrote:
michael Schumacher wrote:
> Joe,
>
>> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
>> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.
>
> I am using amavis with clamav. Sorry, no additional commercial virus scanners, but I noticed that amavis.conf contains setups for a lot of commercial virus scanners. May be worth a look.
>
> Michael
>
>

FWIW, I was going to say my impression is amavis-new was the hot ticket
several years ago, but is losing market share to rspamd.
https://rspamd.com/doc/modules/external_services.html says rspamd has
been tested with Sophos (via SAVDI).  My amavisd.conf says it works with
Sophie (unmaintained since 2004), Sophos SAVE via SAVI-Perl
(https://metacpan.org/release/SAVI-Perl from 2005), and as a last resort
Sophos sweep.