Stupid Email Viruses

I'm sick of getting hundreds of email viruses every time there is an outbreak.

So, I've got clamav running (and updating its virus database regularly) on geeklair.net.

geeklair.net email users can use procmail to filter out email viruses like this:

:0
* ^X-Virus-Status: Yes
$MAILDIR/viruses

so ... meh.

I've got to figure out when I'm going to test dovecot (during the middle of the night some time, I suppose) and see if I can't move stuff over to it soon, too.

6 Comments

I am thinking about installing ClamAV myself. How do the virus definition update rates compare with other vendors? I also noticed that Grisoft's AVG Product has a linux server edition. We have been using their clients for a while.

I don't mind paying for server based antivirus checking, but if ClamAV is free and good, I definitely want to check it out. I'd probably even set up a small donation similar to what we'd pay for the commercial version. I try to use open source software whenever possible.

We use procmail to run our incoming mail. I'm going to have to look at both packages to see if they can integrate with this. I definitely have to do whatever I can to help protect our users, because they insist on running windows machines, making my life a living hell trying to shield them from everything.

I'm not sure how clamav compares to other vendors (I would reckon that it compares very favorably, as the database seems to be updated multiple times a day.). From the FAQ on their website: "When a new worm spreads out, often it is less than one hour before we release a database update."

It is more than enough for my needs (a small group of highly technical users and a couple of friends who have me to make sure their computer stuff 'just works'). I would probably have to do a little more research on it before I decided whether or not to use it in a corporate environment.

I use clamassassin (which is a short /bin/sh script) to just tag incoming email (it works very similarly to spamassassin, my global procmail rules forward mail to it), that way my users can decide if they want to filter those message out or not.

In any event, I feel your pain, windows is the suck.

Does your setup scan attachments? I got clamav working with a procmail filter, but it doesn't seem to scan attachments.

I have seen some procmail rules that run the message through a mime decoder. I'd imagine that's probably what I will have to do to get attachments scanned.

clamav has a rudimentary mime parser (that I'm using).

You need to call clamscan or clamdscan with the --mbox option, though.

They recommend using an MTA that will pass the de-mimed mail to clamav or using clamav-milter, but using --mbox is working fine for me.
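The tagging setup described in the two replies above (a clamassassin-style script that adds a header, plus clamscan called with --mbox), as an added example that is neither clamassassin nor code from this post. SCANNER, the virustag script name and the exit-code convention (0 clean, 1 infected, anything else an error, as clamscan documents) are assumptions.

```sh
#!/bin/sh
# Added example (not clamassassin, not code from the post): a minimal tagging
# filter in the spirit of the setup described above. It reads one message on
# stdin and writes it back out with an X-Virus-Status header, so each user can
# file tagged mail with the procmail recipe from the post (^X-Virus-Status: Yes).
#
# Assumptions: SCANNER reads the message on stdin and exits 0 when clean,
# 1 when infected, anything else on error (clamscan's exit-code convention).
# The default follows the comment's advice to pass --mbox so MIME parts get
# parsed; it can be overridden, e.g. SCANNER="clamdscan --mbox -".
SCANNER="${SCANNER:-clamscan --mbox --stdout --no-summary -}"

# tag_message: stdin -> stdout. Exits 0 whenever it could read the message:
# procmail's filter mode (:0 fw) keeps the *original* message when a filter
# fails, so a scanner error must not turn into "delivered untagged, looks
# clean"; such messages are tagged Unknown instead.
tag_message() {
    tmp=$(mktemp) || return 1       # cannot spool: let procmail keep the original
    cat > "$tmp"
    $SCANNER < "$tmp" > /dev/null 2>&1 && rc=0 || rc=$?
    case $rc in
        0) status=No ;;
        1) status=Yes ;;
        *) status=Unknown ;;        # scanner error: never report "No" for a failed scan
    esac
    # RFC 822: headers end at the first empty line. Insert the tag just before
    # it; if the message has no body at all, append the tag at the end.
    awk -v s="$status" '
        !done && /^$/ { print "X-Virus-Status: " s; done = 1 }
        { print }
        END { if (!done) print "X-Virus-Status: " s }' "$tmp"
    rm -f "$tmp"
    return 0
}

# Corresponding global procmail recipe, run before the users' own rules
# (hypothetical install path for this script):
#   :0 fw
#   | /usr/local/bin/virustag
#
# Run the filter only when executed as the virustag script, not when sourced.
case "$0" in
    *virustag) tag_message ;;
esac
```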

I'm using the --mbox option and it's still not getting the attachments. I am using the test file from www.eicar.org, which detects just fine if the contents of the virus test file are directly pasted into the message, but not if it's in there as an attachment.

I haven't tried using the eicar test file, perhaps there's something special with it.

I happened to have a plethora of Worm.SomeFool, Win32.Mix, and Worm.Bagle samples (and a few more every few minutes) that confirmed it was working on my machine.

This blog is licensed under a Creative Commons License.