Virus scanners with amavis and fedora

Fri Apr 14 22:14:11 CEST 2017

On Fri, 2017-04-14 at 22:37 +0300, Andy Fawcett wrote:
> For low-volume mail systems, the config provided with Amavis itself
> is
> good enough.
> 
>   ['F-Secure Antivirus for Linux servers',
>     ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
>     '--virus-action1=report --archive=yes --auto=yes '.
>     '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
>     qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
>     # NOTE: internal archive handling may be switched off by '
> --archive=no'
>     #   to prevent fsav from exiting with status 9 on broken archives
> 
> If you get a lot of mail, you probably want to ensure that the F-
> Secure 
> daemon is running. This will speed up processing of each mail.
> Depending on the OS revision, and the specific version of F-Secure
> AntiVirus, this is achieved in different ways. This is because more
> modern OS versions are moving from init.d type scripts to systemd.
> 
> At least on Ubuntu 16.04, you can run
> 
> $ sudo systemctl enable fsavd
> 
> and the service will start.

Correction: I needed to copy fsavd from the application directory to
/etc/init.d/ and chmod 755 it. Only then will systemctl handle it.

>  No need to change amavis conf, the fsav
> binary handles it all for you.
> 
> You also need to modify the user that the fsavd runs as, so that
> amavis
> can talk to it. Since I only use FSAV with amavis, I changed fsavd to
> run as the amavis user.
> 
> 
> 
> Andy
> 
> 
> 
> On Fri, 2017-04-14 at 15:25 +0000, Dino Edwards wrote:
> > Actually I would be interested in a how-to integrate f-secure  with
> > amavisd-new on  Ubuntu.
> > 
> > -----Original Message-----
> > From: amavis-users [mailto:amavis-users-
> > bounces+dino.edwards=mydirect
> > mail.net at amavis.org] On Behalf Of Andy Fawcett
> > Sent: Friday, April 14, 2017 11:02 AM
> > To: amavis-users at amavis.org
> > Subject: Re: Virus scanners with amavis and fedora
> > 
> > On Fri, 2017-04-14 at 09:00 -0400, Alex wrote:
> > > Hi,
> > > 
> > > On Fri, Apr 14, 2017 at 8:53 AM, Dino Edwards 
> > > <dino.edwards at mydirectmail.net> wrote:
> > > > What problem are you having with Macro Viruses and PDF spam?
> > > 
> > > They're not being caught properly :-)
> > > 
> > > The clamav filters just aren't updated sufficiently. And sophos
> > > is
> > > a 
> > > joke.
> > > 
> > > I'm interested in getting something like f-secure or another 
> > > commercial scanner working in conjunction with sophos and clamav.
> > > I've
> > > tried f-secure, and I can't get it configured properly.
> > 
> > I've been using F-Secure for a number of years with amavisd-new,
> > but
> > on  Ubuntu.
> > 
> > What specific problem are you having getting it configured?
> > 
> > 
> > Andy
> > 
> > 
> > 
> > 
> > > > 
> > > > -----Original Message-----
> > > > From: amavis-users [mailto:amavis-users-
> > > > bounces+dino.edwards=mydire
> > > > ctmail.net at amavis.org] On Behalf Of Alex
> > > > Sent: Thursday, April 13, 2017 8:32 PM
> > > > To: amavis-users at amavis.org
> > > > Subject: Virus scanners with amavis and fedora
> > > > 
> > > > Hi,
> > > > 
> > > > Does anyone have a current list of virus scanners that work
> > > > with
> > > > the 
> > > > current version of amavis and fedora25? Of course clamav works,
> > > > but 
> > > > are there others? Commercial?
> > > > 
> > > > We've had some success with Sophos, but clamav+sane+malware is
> > > > far 
> > > > better. I think we need a third to help with the Word macro
> > > > viruses 
> > > > and PDF spam.
> > > > 
> > > > Thanks,
> > > > Alex