Re: Re: OpenAntiVirus

From: Rick Johnson (
Date: Sun 27 Oct 2002 - 01:08:50 GMT


    "Szucs János" wrote:

    > The answer is: why?
    > OpenAntivirus in its present state seems to be very, very far from being a
    > reliable solution.
    > What about virus definition files for it? How often are they released?
    > What about the detection of macro viruses?

    Are you speculating or speaking from experience or documentation?

    > Do not forget that you are going to find a virus scanner for E-MAILS: you
    > have never heard about an e-mail virus one day and the next day it infects
    > thousands of machines.
    > I think Anomy in itself is a very good tool to strengthen the protection
    > provided by commercial antivirus programs used on the client machines: by
    > removing and putting all potentially dangerous contents into a quarantine on
    > the server, it gives the clients time to update the virus databases. You
    > also have a chance to check the suspicious contents by more than one
    > commercial scanner before releasing it from the quarantine.
    > What would OpenAntivirus provide you in its present state? Nothing but the
    > illusion of safety. Which might make you careless.

    I think you may have missed his point. His question was: could he use
    OpenAntivirus with Sanitizer vs. a commercial product?

    Why? Like many of us, I use Sanitizer in conjunction with uvscan (others may
    use fprot, kapersky (sp?), etc) on the mail server itself. Why? Because it
    gives an extra layer of security. I quarantine all of the known dangerous
    extensions (exe, bat, vbs, pif, winmail.dat), and I virus scan those which
    can usually be considered safe (zip, doc, xls, etc). If uvscan finds a virus
    (or the potential threat) which it cannot clean, it's quarantined. If it's
    cleanable, it's defanged and sent on to the user. If clean, it's sent
    unchanged. Both the mail server and our workstations are updated nightly to
    ensure the latest is caught.

    We'd be getting the best of both worlds if OpenAntivirus worked well (and
    reliably) in this situation. Of course - it may be a conflict of interest
    for Anomy since it is sponsored (I believe) by F-Prot.

    A quick "answer", however, is as long as OpenAntivirus can be called from
    sanitizer and returns predictable result (exit) codes, then it should be
    easily adaptable. The question is (which you did raise), however, can you
    trust it as well as a commercially funded product?

    Rick Johnson, RHCE -
    Linux/WAN Administrator - Medata, Inc. (from home)
    PGP Key:
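
The policy described in the message above (quarantine by extension, scan the rest, act on the scanner's exit code), as an added Python example that is not part of the original post or of Anomy Sanitizer. The exit-code mapping (0 clean, 1 cleaned, 2 infected) and the names decide and stub_scanner are assumptions for illustration; any code outside the mapping is treated as a failure and quarantined.

```python
import os
import subprocess
import sys

# Attachment types the message quarantines without scanning.
QUARANTINE_EXT = {".exe", ".bat", ".vbs", ".pif"}
QUARANTINE_NAMES = {"winmail.dat"}

# ASSUMED exit-code contract for a hypothetical scanner wrapper; real
# scanners define their own codes, so take them from the vendor docs.
EXIT_ACTIONS = {0: "deliver", 1: "defang", 2: "quarantine"}


def decide(filename, scanner_cmd, timeout=30):
    """Return 'deliver', 'defang' or 'quarantine' for one attachment."""
    # Trailing dots/spaces are ignored by Windows clients, so "a.exe." is "a.exe".
    name = os.path.basename(filename).lower().rstrip(". ")
    ext = os.path.splitext(name)[1]
    if name in QUARANTINE_NAMES or ext in QUARANTINE_EXT:
        return "quarantine"  # known-dangerous type: never reaches the scanner
    try:
        rc = subprocess.run(
            list(scanner_cmd) + [filename],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        ).returncode
    except (OSError, subprocess.TimeoutExpired):
        return "quarantine"  # scanner missing or hung: fail closed
    # Unknown code (crash, licence error, killed by signal): fail closed.
    return EXIT_ACTIONS.get(rc, "quarantine")


def stub_scanner(code):
    """Constructed stand-in for a scanner: ignores the file, exits with `code`."""
    return [sys.executable, "-c", f"import sys; sys.exit({code})"]


if __name__ == "__main__":
    # Constructed sample attachments and scanner results.
    for fname, code in [("report.doc", 0), ("report.doc", 1),
                        ("archive.zip", 2), ("archive.zip", 77),
                        ("setup.EXE", 0), ("winmail.dat", 0)]:
        action = decide(fname, stub_scanner(code))
        print(f"{fname:12} scanner exit {code:>2} -> {action}")
```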