Virus scanners with amavis and fedora

Fri Apr 14 21:37:54 CEST 2017

For low-volume mail systems, the config provided with Amavis itself is
good enough.

  ['F-Secure Antivirus for Linux servers',
    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
    '--virus-action1=report --archive=yes --auto=yes '.
    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
    # NOTE: internal archive handling may be switched off by '
--archive=no'
    #   to prevent fsav from exiting with status 9 on broken archives

If you get a lot of mail, you probably want to ensure that the F-Secure 
daemon is running. This will speed up processing of each mail.
Depending on the OS revision, and the specific version of F-Secure
AntiVirus, this is achieved in different ways. This is because more
modern OS versions are moving from init.d type scripts to systemd.

At least on Ubuntu 16.04, you can run

$ sudo systemctl enable fsavd

and the service will start. No need to change amavis conf, the fsav
binary handles it all for you.

You also need to modify the user that the fsavd runs as, so that amavis
can talk to it. Since I only use FSAV with amavis, I changed fsavd to
run as the amavis user.

Andy

On Fri, 2017-04-14 at 15:25 +0000, Dino Edwards wrote:
> Actually I would be interested in a how-to integrate f-secure  with
> amavisd-new on  Ubuntu.
> 
> -----Original Message-----
> From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirect
> mail.net at amavis.org] On Behalf Of Andy Fawcett
> Sent: Friday, April 14, 2017 11:02 AM
> To: amavis-users at amavis.org
> Subject: Re: Virus scanners with amavis and fedora
> 
> On Fri, 2017-04-14 at 09:00 -0400, Alex wrote:
> > Hi,
> > 
> > On Fri, Apr 14, 2017 at 8:53 AM, Dino Edwards 
> > <dino.edwards at mydirectmail.net> wrote:
> > > What problem are you having with Macro Viruses and PDF spam?
> > 
> > They're not being caught properly :-)
> > 
> > The clamav filters just aren't updated sufficiently. And sophos is
> > a 
> > joke.
> > 
> > I'm interested in getting something like f-secure or another 
> > commercial scanner working in conjunction with sophos and clamav.
> > I've
> > tried f-secure, and I can't get it configured properly.
> 
> I've been using F-Secure for a number of years with amavisd-new, but
> on  Ubuntu.
> 
> What specific problem are you having getting it configured?
> 
> 
> Andy
> 
> 
> 
> 
> > > 
> > > -----Original Message-----
> > > From: amavis-users [mailto:amavis-users-
> > > bounces+dino.edwards=mydire
> > > ctmail.net at amavis.org] On Behalf Of Alex
> > > Sent: Thursday, April 13, 2017 8:32 PM
> > > To: amavis-users at amavis.org
> > > Subject: Virus scanners with amavis and fedora
> > > 
> > > Hi,
> > > 
> > > Does anyone have a current list of virus scanners that work with
> > > the 
> > > current version of amavis and fedora25? Of course clamav works,
> > > but 
> > > are there others? Commercial?
> > > 
> > > We've had some success with Sophos, but clamav+sane+malware is
> > > far 
> > > better. I think we need a third to help with the Word macro
> > > viruses 
> > > and PDF spam.
> > > 
> > > Thanks,
> > > Alex