Re: [Exim] Virus Scanning with mailhubs

Top Page
Delete this message
Reply to this message
Author: Richard Leyton
Date:  
To: Gyan Mathur
CC: exim-users
Subject: Re: [Exim] Virus Scanning with mailhubs
Hi,

Don't know how open you are to alternative virus scanning services -
We're using messagelabs here at Paremus, and it works a treat[1], with
no additional machines required. Just MX record changes required for
inbound, and a minor change to your exim config for outbound e-mail/and
inbound relaying[2] - It might be worth a look if you're not fixed on a
provider yet, as we've found them very cost effective and easy to get
going with (and significantly faster than using Demon's mail servers ;-)

Apparantly they use three different virus scanner providers, update
their virus db every 15 minutes or so, and have a heuristics based
solution to catch new viruses. They also check your mail hub regularly
to check it's not turned into an open relay (but we're all good at
keeping that gap closed, right!? ;-) - which struck me as "a good
thing", even if it is to ensure they don't get overwhelmed themselves.

I suppose the only caveat is that the service isn't really much use for
internally distributed e-mail viruses (ie. that don't leave your
internal mail hubs), but my take is that is the job of desktop/server
virus scanners. They should catch them, and the melissa type viruses
which proliferate via e-mail, will come through your main MX servers and
get caught by the outsourced scanner.

Messagelabs have recently introduced an spam and porn filtering service
too, which might be of interest based on this threads conversation.
Check out the tags they append at the bottom of this e-mail for the
relevant URL's.

regards,

richard.

[1] it's caught a few viruses already (mainly through tests i've
performed, including a zip attachment that included a virus somebody
pumped out to a mailing list i'm on)
[2] oh, and a monthly fee :-(

Gyan Mathur wrote:

>In response to Jethro R Binks:
>
>>We're doing exactly this, pretty much.
>>
>
>>On the mail scanning host I'm running ECS Soton's MailScanner with McAfee
>>(the comment about the EOL on McAfee was interesting, I didn't know about
>>that), but I guess the same idea would probably work for amavis and
>>exiscan, which I did briefly look at.
>>
>
>While we are on this topic: has anyone got any experience of (or know
>anything about) a commercial product supplied by a firm called
>Brightmail? Their web site www.brightmail.com contains some
>information but nothing very specific about what the product does and
>how it works, though it looks as if they supply a server and you are
>supposed to pass mail through it for virus scanning.
>
>I've been asked to look at this, so any information will be welcome!
>
>Gyan.
>
>--
>


--
Richard Leyton - Senior Consultant, Paremus Limited
http://www.paremus.com Tel. +44 207 936 9098
mailto:richard.leyton@paremus.com





_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.