Thread: Antivirus programs?




Antivirus programs?
Sweden
2007-10-04 23:53:08
Hiya all!
I'm just curious about what you guys and girls has to say
about AV application for use with amavis-new?
Which ones do you like and dislike, and why?

I use Kaspersky, NOD32 and F-Secure myself at this time, but
I think I'll drop NOD32 purely because the hefty price tag.
Apart from that, I feel it's incredibly fast and good, but
the price is just too high..

Anders


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re: Antivirus programs?
Sweden
2007-10-09 13:49:27
*bump*

Anders Norrbring wrote:
> Hiya all!
> I'm just curious about what you guys and girls has to say about AV
> application for use with amavis-new?
> Which ones do you like and dislike, and why?
>
> I use Kaspersky, NOD32 and F-Secure myself at this time, but I think
> I'll drop NOD32 purely because the hefty price tag. Apart from that,
> I feel it's incredibly fast and good, but the price is just too high..
>
> Anders

Re: Antivirus programs?
United States
2007-10-09 14:00:14
Anders Norrbring wrote:
> *bump*
> 
> Anders Norrbring wrote:
>> Hiya all!
>> I'm just curious about what you guys and girls has to say about AV
>> application for use with amavis-new?
>> Which ones do you like and dislike, and why?
>>
>> I use Kaspersky, NOD32 and F-Secure myself at this time, but I think
>> I'll drop NOD32 purely because the hefty price tag. Apart from that,
>> I feel it's incredibly fast and good, but the price is just too high..
>>
>> Anders

Anders,

My primary scanner is clamav, secondary is McAfee's command line scanner
(uvscan, v5.2)

With the sanesecurity and securiteinfo sigs, not much gets past; uvscan
rarely finds something not found by clamav.

uvscan is a bit slow (like clamscan, it has to load sigs upon startup),
and there is no daemonized version.  Price was reasonable enough for my
needs.  It does have a very large signature database.

   $ uvscan --version
   Virus Scan for Linux v5.20.0
   Copyright (c) 1992-2007 McAfee, Inc. All rights reserved.
   (408) 988-3832  LICENSED COPY - Jun  5 2007

   Scan engine v5.2.00 for Linux.
   Virus data file v5136 created Oct 08 2007
   Scanning for 330105 viruses, trojans and variants.

MrC

Re: Antivirus programs?
Canada
2007-10-09 14:03:24
I'm using ClamAV. It's a perfect match with Amavis, it's fast and gets
high in the reviews.

Robert Pelletier
IT technician for schools
Information Technology Department

-----Original Message-----
From: amavis-user-bounceslists.sourceforge.net
[mailto:amavis-user-bounceslists.sourceforge.net] On behalf of Anders Norrbring
Sent: October 9, 2007 14:49
To: amavis-userlists.sourceforge.net
Subject: Re: [AMaViS-user] Antivirus programs?

*bump*

Anders Norrbring wrote:
> Hiya all!
> I'm just curious about what you guys and girls has to say about AV
> application for use with amavis-new?
> Which ones do you like and dislike, and why?
>
> I use Kaspersky, NOD32 and F-Secure myself at this time, but I think
> I'll drop NOD32 purely because the hefty price tag. Apart from that,
> I feel it's incredibly fast and good, but the price is just too high..
>
> Anders

Re: Antivirus programs?
2007-10-10 13:02:09
On 10/9/07, Pelletier, Robert <pelletierrcsdhr.qc.ca> wrote:
>
> I'm using ClamAV. It's a perfect match with Amavis, it's fast and gets
> high in the reviews.
>

In my experiences clamav/clamd is much slower than other mail scanners (even
when up against command line scanners like uvscan).  It is still a very
useful virus scanner but not fast by any means.  For an example... the
command line scanner uvscan takes .15 seconds while clamav takes 2.6 seconds
for the same email.  This trend is throughout the logs.

Re: Antivirus programs?
2007-10-10 14:27:57
On 10/10/07, mouss <mlist.onlyfree.fr> wrote:
>
> Adam65535 wrote:
> > On 10/9/07, Pelletier, Robert <pelletierrcsdhr.qc.ca> wrote:
> >> I'm using ClamAV. It's a perfect match with Amavis, it's fast and gets
> >> high in the reviews.
> >>
> >
> > In my experiences clamav/clamd is much slower than other mail scanners
> > (even when up against command line scanners like uvscan).  It is still
> > a very useful virus scanner but not fast by any means.  For an
> > example... the command line scanner uvscan takes .15 seconds while
> > clamav takes 2.6 seconds for the same email.  This trend is throughout
> > the logs.
>
>
> Faster at short distances aren't the fastest at long ones ;-p clam has a
> daemonized version, which helps avoid fork/exec/initialize (load sig db,
> ...) for every message.
>

Read my message again.  The timings are with using clamd.

Re: Antivirus programs?
Finland
2007-10-10 14:59:39
On Friday 05 October 2007 07:53:08 Anders Norrbring wrote:
> Hiya all!
> I'm just curious about what you guys and girls has to say about AV
> application for use with amavis-new? Which ones do you like and dislike,
> and why?
>
> I use Kaspersky, NOD32 and F-Secure myself at this time, but I think I'll
> drop NOD32 purely because the hefty price tag. Apart from that, I feel it's
> incredibly fast and good, but the price is just too high..

I'm using F-Secure, Avira, Bitdefender and F-Prot, in that order. It's
overkill for my requirements, but it does give excellent coverage. By
staggering the update times, I can be reasonably sure I have maximum
protection at all times.

Each of them has its benefits.

There's not much in the way of malware that gets past F-Secure, invariably it
has been something new where the gap between database updates has just missed
it, and the update scheduled a couple hours later would have caught it.

Avira mostly seems to catch phishing mails for me, but has also caught a
couple of malware that were missed by F-Secure (due to the overlapped
updates).

Bitdefender and F-Prot rarely get reached before the problematic mail has been
found by the others, but I have had no problem with this setup in several
years.

With a throughput of only around 6000 mails a day, these work well enough on
my XP1700+ system with FreeBSD6/exim/amavisd-new. The box performs several
tasks (webserver with relatively light load, smtp/pop/imap, routing and
firewall), and is never overloaded. Mostly it is 90%+ idle, and these are all
non-daemonized versions I use.

Andy

-- 
Andy Fawcett                                     | andyathame.co.uk
                                                 | tapkde.org
"In an open world without walls and fences,      | taplspace.org
  we wouldn't need Windows and Gates."  -- anon  | tapfruitsalad.org

Re: Antivirus programs?
2007-10-10 15:21:22
On 10/10/07, Adam65535 <adam65535gmail.com> wrote:
>
> In my experiences clamav/clamd is much slower than other mail scanners (even
> when up against command line scanners like uvscan).  It is still a very
> useful virus scanner but not fast by any means.  For an example... the
> command line scanner uvscan takes .15 seconds while clamav takes 2.6 seconds
> for the same email.  This trend is throughout the logs.

I've never yet seen clamd take anything close to that on emails.  I
have to add SpamAssassin to the process to get anything close to that
kind of delay.

As a quick test, I ran clamdscan against sample-nonspam.txt (that came
with SpamAssassin some time back) and it took 0.015s.

Now, clamscan, that took 2.6s for the same scan (f-prot took 0.3s,
bitdefender a mind blowing 6.3).

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: Antivirus programs?
2007-10-10 16:07:52
On 10/10/07, Rob MacGregor <rob.macgregorgmail.com> wrote:
>
> I've never yet seen clamd take anything close to that on emails.  I
> have to add SpamAssassin to the process to get anything close to that
> kind of delay.
>
> As a quick test, I ran clamdscan against sample-nonspam.txt (that came
> with SpamAssassin some time back) and it took 0.015s.
>
> Now, clamscan, that took 2.6s for the same scan (f-prot took 0.3s,
> bitdefender a mind blowing 6.3).
>

Well the timings I did locally on that simple email confirm what everyone
else has been stating.  Uvscan is slower than clamd.  Either I have been
transposing these two timings all this time or one of the clamav/clamd
updates improved things.  Going by everyone's comments it sure seems like I
have been transposing these numbers :/.  These tests are all on a 64 bit
platform with 64 bit uvscan and clamd btw.

# time /usr/bin/clamdscan /tmp/sample-nonspam.txt
real    0m0.012s
user    0m0.002s
sys     0m0.001s

# time uvscan /tmp/sample-nonspam.txt
real    0m0.659s
user    0m0.559s
sys     0m0.078s

# time /usr/bin/clamscan /tmp/sample-nonspam.txt
real    0m1.931s
user    0m1.732s
sys     0m0.178s

Even testing on a real email shows similar results:
# time uvscan /tmp/Documentation.eml
real    0m0.655s
user    0m0.561s
sys     0m0.071s

# time clamdscan /tmp/Documentation.eml
real    0m0.705s
user    0m0.001s
sys     0m0.001s

# time clamscan /tmp/Documentation.eml
real    0m2.380s
user    0m2.187s
sys     0m0.193s

Thanks for setting me straight.  Sorry for the mis-information everyone.

Re: Antivirus programs?
United States
2007-10-10 17:27:22
Adam65535 wrote:
> On 10/10/07, *Bill Landry* <billinetmsg.com <mailto:billinetmsg.com>>
> wrote:
>
>     Adam65535 wrote:
>     > On 10/9/07, Pelletier, Robert <pelletierrcsdhr.qc.ca
>     <mailto:pelletierrcsdhr.qc.ca>> wrote:
>     >> I'm using ClamAV. It's a perfect match with Amavis, it's fast and
>     >> gets high in the reviews.
>     >>
>     >
>     > In my experiences clamav/clamd is much slower than other mail
>     > scanners (even when up against command line scanners like uvscan).
>     > It is still a very useful virus scanner but not fast by any means.
>     > For an example... the command line scanner uvscan takes .15 seconds
>     > while clamav takes 2.6 seconds for the same email.  This trend is
>     > throughout the logs.
>
>     Those figures certainly don't match my results.  I ran clamd and
>     uvscan for quite some time (at least two years) until our volume
>     became too great, and then had to do away with uvscan because it was
>     way too slow.  For the most part, clamd timings were always
>     sub-second, while uvscan was always in the multiple second range,
>     even as high as 17 seconds on some scans.
>
>     I would suggest that you are using clamscan rather than clamd if
>     you are seeing the results you are reporting above.
>
>
> I disabled clamscan with amavis because the timings for that are much
> worse than clamd so I don't want that as a backup scanner.  I am 110%
> sure I am using clamd.  I have been running amavisd-new with uvscan and
> clamd on a few servers with the same results in timings.  Pretty weird
> that you are seeing different results.  Uvscan has always been quicker
> for me with 4.x and the 5.x versions of uvscan than clamd by far.
>

Just for reference purposes, I still have uvscan running on an old single proc
P350 running RedHat 9.  Here are some timing comparisons between uvscan (Scan
engine v5.1.00 for Linux) and clamdscan (ClamAV 0.91.2):

time /usr/local/bin/uvscan --secure -rv --mime --mailbox --noboot test.eml

real    0m6.371s
user    0m5.840s
sys     0m0.528s

===

time /usr/local/bin/clamscan --stdout --detect-broken --block-max --mail-follow-urls --max-recursion=15 --unzip=/usr/bin/unzip --unrar=/usr/local/bin/unrar --arj=/usr/bin/arj --unzoo=/usr/bin/unzoo --lha=/usr/bin/lha --jar=/usr/bin/unzip --tar=/bin/tar --tgz=/bin/tar -r test.eml

real    0m12.790s
user    0m11.437s
sys     0m0.480s

===

time /usr/local/bin/clamdscan test.eml

real    0m0.388s
user    0m0.004s
sys     0m0.008s

Of all of the virus scanners I've personally tested with amavisd-new (ClamAV,
BitDefender, UVScan, Sophos, TrendMicro, Avast, AntiVir, Panda, AVG, and
F-Prot), F-Prot is by far the fastest command-line scanner of the bunch.  It is
almost as fast as some of the other scanners when running in daemon mode.

time /usr/local/bin/f-prot -ai -archive=5 -dumb -noboot -nobreak -nomem -follow -packed -server test.eml

real    0m2.888s
user    0m2.489s
sys     0m0.395s

Anyway, just my unsolicited 2 cents...

Bill
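
A repeatable way to take the scanner timings compared in this thread, as an added example that is not part of any poster's message: each scanner is run several times on the same file, the median wall time is reported, and a run whose exit code means "scan did not complete" is flagged instead of being counted as a fast scan. The function names are hypothetical, and the accepted exit code for uvscan is an assumption to check against the vendor documentation.

```python
import shutil
import statistics
import subprocess
import sys
import time

# clamscan/clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error.
CLAM_OK = frozenset({0, 1})

def time_scanner(argv, ok_codes=frozenset({0}), runs=5):
    """Run argv `runs` times; return median/min wall seconds, or why it was skipped."""
    if shutil.which(argv[0]) is None:
        return {"status": "missing"}
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        elapsed = time.perf_counter() - start
        if proc.returncode not in ok_codes:
            # e.g. clamdscan exits 2 when it cannot reach clamd; that quick
            # return is a failure, not a scan time worth comparing.
            return {"status": "failed", "exit": proc.returncode}
        samples.append(elapsed)
    return {"status": "ok", "median": statistics.median(samples),
            "min": min(samples), "runs": runs}

def compare(scanners, path, runs=5):
    """scanners maps label -> (argv prefix, ok exit codes); all scan `path`."""
    return {label: time_scanner(list(prefix) + [path], ok, runs)
            for label, (prefix, ok) in scanners.items()}

def report(results):
    """Fastest first, then scanners that were missing or failed."""
    timed = sorted((r["median"], n) for n, r in results.items()
                   if r["status"] == "ok")
    lines = [f"{name:<12} median {med:.3f}s" for med, name in timed]
    lines += [f"{n:<12} {r['status']}" + (f" (exit {r['exit']})" if "exit" in r else "")
              for n, r in results.items() if r["status"] != "ok"]
    return lines

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp/sample-nonspam.txt"
    scanners = {
        "clamdscan": (["clamdscan"], CLAM_OK),
        "clamscan": (["clamscan"], CLAM_OK),
        # Assumption: only exit code 0 is accepted for uvscan here.
        "uvscan": (["uvscan"], frozenset({0})),
    }
    print("\n".join(report(compare(scanners, target))))
```

Scanners that are not installed are reported as missing rather than aborting the comparison.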
