adding AV scanning to working Postfix/SA system

Not to waste anyone's time, but I posted this on SA list and a Sophos site, but, came up with zip. Not even a "do-dah".  Beyond "experiences"
any leads to general "how to: guides that work in practice?

>> SOHO system, on virtual machines.   Fairly recent versions. Running openSUSE Leap 15.1.

Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,

I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.

Any experiences?



---------------------------------
       j4computers, llc
   Stone Ridge, NY 12484
        845-687-3734
   www.j4computers.com
---------------------------------

On 23/11/2020 16:34, Joe Acquisto-j4 wrote:
> Not to waste anyone's time, but I posted this on SA list and a Sophos site, but, came up with zip. Not even a "do-dah".  Beyond "experiences"
> any leads to general "how to: guides that work in practice?
>
>>> SOHO system, on virtual machines.   Fairly recent versions. Running openSUSE Leap 15.1.
> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
>
> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.
>
> Any experiences?
None with Sophos products on Linux. But I use amavis as content-filter
and it in turns calls SA (which presumably you already know about) and
ClamAV. ClamAV works well provided you add various 3rd-party signatures.
I know of two tools to assist with these:
https://github.com/extremeshok/clamav-unofficial-sigs and the newer
https://github.com/rseichter/fangfrisch.

Joe,

> Due to some recent malware (in attachments, obvious stuff) wanted to add AV scanning.   I gather "Amavis-new" is the hot ticket these days,
> I deal with Sophos products and would like to use their linux product to do the scanning.   Seems to be precious little on how to do that.

I am using amavis with clamav. Sorry, no additional commercial virus scanners, but I noticed that amavis.conf contains setups for a lot of commercial virus scanners. May be worth a look.

Michael

michael Schumacher wrote:
FWIW, I was going to say my impression is amavis-new was the hot ticket
several years ago, but is losing market share to rspamd.
https://rspamd.com/doc/modules/external_services.html says rspamd has
been tested with Sophos (via SAVDI).  My amavisd.conf says it works with
Sophie (unmaintained since 2004), Sophos SAVE via SAVI-Perl
(https://metacpan.org/release/SAVI-Perl from 2005), and as a last resort
Sophos sweep.

> michael Schumacher wrote:
>> Joe,
>>
Due to some recent malware (in attachments, obvious stuff) wanted to add AV
I'll have a look, thanks.  The links to those references on the amavis docs page seem to
be out of date, as they lead to dead ends, far as I could tell.





---------------------------------
       j4computers, llc
   Stone Ridge, NY 12484
        845-687-3734
   www.j4computers.com
---------------------------------