Re: [exim] Suggestion for Antivirus to use with Exim

Author: Patrick Cernko
Date:
To: Luca Bertoncello, Users, Exim
Subject: Re: [exim] Suggestion for Antivirus to use with Exim
Hi Luca,

On 27.09.22 14:19, Luca Bertoncello via Exim-users wrote:
> Hi list!
>
> Currently, at office, we use Kaspersky, Avast and ClamAV as Antivirus
> programs.
> All these programs will be used within Exim, to check all inbound and
> outbound E-Mails.
>
> Now, we know, Kaspersky/Russia/problem/etc...
> So, we must search for an alternative to Kaspersky.
>
> Unfortunately, I didn't find anything that works well on Linux and has
> a good recognition rate.
>
> Now the question to you: can someone suggest one (or more!) product
> to use in an enterprise context to protect our E-Mails?
> Very important: the scan _must_ be done within Exim to allow us to
> reject infected E-Mails.
>
> I tried ESET, and it seems to work well, but unfortunately it is not
> available anymore...
>


I successfully integrated the WithSecure (F-Secure for Business)
scanner a few weeks ago. Integration was done using the cmdline
interface. I have a small shell script that does some additional
analysis/logging but basically, I just use

  WITHSECURE_SOCKET = cmdline:\
                       /opt/f-secure/linuxsecurity/bin/fsanalyze %s:\
                       result=(infected|suspected):\
                       infection=([^ ]*)


There are still a few mails only recognized by KLMS. I think you can
always find a threat that is first recognized by one engine and only
later by others. Also, I had to tune the WithSecure settings a bit
regarding archives.

Getting WithSecure installed on our servers was the harder part. Let me
know if you need help there.

Best,
--
Patrick Cernko <pcernko@???> +49 681 9325 5815
Joint Scientific IT and Technical Service
Max-Planck-Institute für Informatik & Softwaresysteme
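
An added example, not part of the original mail and not Patrick's configuration: one way to wire the macro above into Exim so that infected mail is rejected at SMTP DATA time, with a second engine checked in the same ACL. The names CLAMAV_SOCKET, acl_m_scanner and acl_check_data, and the clamd socket path, are assumptions for illustration.

```exim
# --- main configuration section ---
# Macro as posted in the mail: command with %s placeholder, then the
# "trigger" regex, then the "name" regex (one capture group).
WITHSECURE_SOCKET = cmdline:\
                    /opt/f-secure/linuxsecurity/bin/fsanalyze %s:\
                    result=(infected|suspected):\
                    infection=([^ ]*)

# Assumed socket path for a local clamd; adjust to the installation.
CLAMAV_SOCKET = clamd:/run/clamav/clamd.ctl

# av_scanner is expanded each time "malware" is evaluated, so the ACL
# can select the engine per statement through an ACL variable.
av_scanner = $acl_m_scanner
acl_smtp_data = acl_check_data

begin acl

acl_check_data:
  # "set" must come before "malware" so the scanner is chosen first.
  # A match on the trigger regex makes the condition true; the captured
  # name is available as $malware_name.
  deny  message     = This message contains malware ($malware_name)
        log_message = WithSecure: $malware_name
        set acl_m_scanner = WITHSECURE_SOCKET
        malware     = *

  deny  message     = This message contains malware ($malware_name)
        log_message = ClamAV: $malware_name
        set acl_m_scanner = CLAMAV_SOCKET
        malware     = *

  # A scanner failure defers the message (4xx) by default; using
  # "malware = */defer_ok" instead lets mail through when the engine
  # is down, which trades availability for coverage.
  accept
```

Exim must be built with content scanning support for the malware condition to be available. Mail submitted locally without SMTP does not pass through acl_smtp_data and needs the same checks in acl_not_smtp.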