OpenBSD AV solutions (Besides ClamAV) ? - BSD


  1. OpenBSD AV solutions (Besides ClamAV) ?

    Hello, I'm searching the web for any OpenBSD (v3.6) compatible virus
    scanners to use at my company.
    I'm using ClamAV at the moment, which works great. But unfortunately, some
    Sober variant slipped through just before the new updates arrived, so my
    boss wants to have multiple AV scanners.
    The problem is, I can't really find one which is made *for* OpenBSD (they
    don't have to be free).

    Vexira Antivirus runs on OpenBSD, but only on 3.4 :/
    http://www.centralcommand.com/buy_openbsd.html

    # ldd vascan
    vascan:
    vascan: can't load library 'libpthread.so.2.1'
    vascan: exit status 4

    Hmz, anyone had any experience with AVs other than ClamAV on Obsd v3.6?
    Please let me know.

    -Bas



  2. Re: OpenBSD AV solutions (Besides ClamAV) ?

    In the referenced article, "Bas Keur" writes:
    >Hello, I'm searching the web for any OpenBSD (v3.6) compatible
    >virus scanners to use at my company. I'm using ClamAV at the
    >moment, which works great. But unfortunately, some Sober variant
    >slipped through just before the new updates arrived, so my boss
    >wants to have multiple AV scanners. The problem is, I can't really
    >find one which is made *for* OpenBSD (they don't have to be free).
    >
    >Vexira Antivirus runs on OpenBSD, but only on 3.4 :/
    >http://www.centralcommand.com/buy_openbsd.html
    >
    ># ldd vascan
    >vascan:
    >vascan: can't load library 'libpthread.so.2.1'
    >vascan: exit status 4
    >
    >Hmz, anyone had any experience with AVs other than ClamAV on Obsd
    >v3.6? Please let me know.


    I'm currently running ClamAV and Sophos on my mail gateways (*).
    Sophos is commercial software for which we have a site license.

    (*) This is unbelievably altruistic of me as I use operating systems
    (OpenBSD) and mail systems that generally aren't affected by
    computer viruses. The leading prefix "W32/" in the table
    appended below should give a clue as to where the real
    vulnerabilities lie.

    ClamAV is at version 0.84 and obviously compiled on my OpenBSD
    boxes. The Sophos software is the Linux libc6 release running in
    compatibility mode. I had to slightly tweak the Sophos installation
    script to get it to work on OpenBSD.

    You'll need to have the Linux libraries from
    /usr/ports/emulators/redhat installed. To save on CPU I've
    installed a slightly modified version of the sophie daemon:

    http://www.vanja.com/tools/sophie/

    which I compiled on a Linux box. So it too runs in compatibility
    mode.

    I've been running the Sophos stuff in compatibility mode for the
    past few years. It works fine.

    Appended below are some detection stats for the first week I ran
    both virus scanners together. Note:

    (1) ClamAV picks up a lot of phishing email that other virus
    scanners don't. However I expect SpamAssassin would score these as
    spam.

    (2) Sometimes only one virus scanner will pick up a virus. This is
    usually down to the different signatures used. However, database
    updates arrive at different rates. So you can get new viruses
    picked up by one scanner and not the other for a short while.


    Viruses detected between 15th March 2005 and 21st March 2005
    ------------------------------------------------------------

    Virus Detected by Count
    ----- ----------- -----
    W32/Netsky-P ClamAV/Sophos 640
    W32/Netsky-D ClamAV/Sophos 485
    W32/MyDoom-O ClamAV/Sophos 150
    HTML.Phishing.Bank-1 ClamAV 126
    W32/Lovgate-V ClamAV/Sophos 47
    W32/Bagle-BK ClamAV/Sophos 40
    W32/MyDoom-N ClamAV/Sophos 37
    W32/Bagle-Zip ClamAV/Sophos 30
    W32/Netsky-Q ClamAV/Sophos 30
    Worm.Lovgate.Z ClamAV 29
    HTML.Phishing.Bank-107 ClamAV 27
    W32/Bagle-AG ClamAV/Sophos 26
    W32/Netsky-AE ClamAV/Sophos 23
    Worm.Mydoom.M ClamAV 21
    W32/Gibe-F ClamAV/Sophos 20
    HTML.Phishing.Bank-83 ClamAV 17
    HTML.Phishing.Postcard-3 ClamAV 16
    W32/Lovgate-X ClamAV/Sophos 16
    W32/Netsky-X ClamAV/Sophos 16
    W32/Bagle-AI ClamAV/Sophos 15
    HTML.Phishing.Bank-60 ClamAV 13
    W32/Bagle-N ClamAV/Sophos 13
    HTML.Phishing.Pay-14 ClamAV 12
    W32/Netsky-AB ClamAV/Sophos 12
    W32/Netsky-Y ClamAV/Sophos 12
    W32/MyDoom-AR ClamAV/Sophos 9
    HTML.Phishing.Auction-16 ClamAV 8
    HTML.Phishing.Auction-28 ClamAV 8
    HTML.Phishing.Bank-52 ClamAV 8
    W32/Bagle-AF ClamAV/Sophos 8
    W32/Lovgate-AJ ClamAV/Sophos 8
    HTML.Phishing.Bank-106 ClamAV 7
    HTML.Phishing.Bank-49 ClamAV 7
    W32/Netsky-C ClamAV/Sophos 7
    W32/NetskyD-Dam ClamAV/Sophos 7
    W32/Zafi-D ClamAV/Sophos 7
    HTML.Phishing.Bank-131 ClamAV 6
    HTML.Phishing.Bank-57 ClamAV 6
    HTML.Phishing.Bank-98 ClamAV 6
    W32/Netsky-B ClamAV/Sophos 5
    W32/Netsky-J ClamAV/Sophos 5
    W32/Sober-K ClamAV/Sophos 5
    HTML.Phishing.Auction-17 ClamAV 4
    HTML.Phishing.Auction-19 ClamAV 4
    HTML.Phishing.Pay-11 ClamAV 4
    HTML.Phishing.Pay-6 ClamAV 4
    HTML.Phishing.Pay-8 ClamAV 4
    W32/Kriz ClamAV/Sophos 4
    W32/Netsky-Z ClamAV/Sophos 4
    W32/NetskyP-Dam ClamAV/Sophos 4
    HTML.Phishing.Auction-27 ClamAV 3
    HTML.Phishing.Auction-36 ClamAV 3
    HTML.Phishing.Bank-121 ClamAV 3
    HTML.Phishing.Bank-79 ClamAV 3
    W32/Bagle-AU ClamAV/Sophos 3
    W32/Lovgate-F ClamAV/Sophos 3
    W32/Netsky-AD ClamAV/Sophos 3
    HTML.Phishing.Auction-14 ClamAV 2
    HTML.Phishing.Auction-32 ClamAV 2
    HTML.Phishing.Bank-3 ClamAV 2
    HTML.Phishing.Bank-78 ClamAV 2
    HTML.Phishing.Bank-81 ClamAV 2
    HTML.Phishing.Pay-12 ClamAV 2
    VBS/Redlof-A ClamAV/Sophos 2
    W32/Bagz-D ClamAV/Sophos 2
    W32/Dumaru-AK ClamAV/Sophos 2
    W32/Flcss ClamAV/Sophos 2
    W32/Klez-H ClamAV/Sophos 2
    W32/Mabutu-A ClamAV/Sophos 2
    W32/NetskyZ-Dam ClamAV/Sophos 2
    W32/Rox-A ClamAV/Sophos 2
    Worm.Lovgate.X ClamAV 2
    Worm.Mytob.C-2 ClamAV 2
    Worm.SomeFool.N ClamAV 2
    HTML.Phishing.Auction-33 ClamAV 1
    HTML.Phishing.Auction-40 ClamAV 1
    HTML.Phishing.Bank-119 ClamAV 1
    HTML.Phishing.Bank-129 ClamAV 1
    HTML.Phishing.Bank-28 ClamAV 1
    HTML.Phishing.Bank-68 ClamAV 1
    HTML.Phishing.Bank-70 ClamAV 1
    HTML.Phishing.Pay-1 ClamAV 1
    W32/Bagle-AA ClamAV/Sophos 1
    W32/Bagz-E ClamAV/Sophos 1
    W32/Bugbear-B ClamAV/Sophos 1
    W32/Bugbear-Dam ClamAV/Sophos 1
    W32/Bugbear-F ClamAV/Sophos 1
    W32/Lovgate-AD ClamAV/Sophos 1
    W32/Lovgate-W ClamAV/Sophos 1
    W32/Netsky-Dam ClamAV/Sophos 1
    W32/Nyxem-C ClamAV/Sophos 1
    Worm.SomeFool.Gen-1 ClamAV 1
    Worm.SomeFool.P ClamAV 1
    --
    Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
    D.H.Davis@bath.ac.uk

  3. Re: OpenBSD AV solutions (Besides ClamAV) ?

    Bas Keur wrote:

    > Hello, I'm searching the web for any OpenBSD (v3.6) compatible virus
    > scanners to use at my company.
    > I'm using ClamAV at the moment, which works great. But unfortunately,
    > some Sober variant slipped through just before the new updates arrived,
    > so my boss wants to have multiple AV scanners.
    > The problem is, I can't really find one which is made *for* OpenBSD (they
    > don't have to be free).
    >


    I admit this may not work for you, but my experience is that the best way is
    simply to reject anything that comes with an attachment.

    One of my clients has ClamAV on 3.6, they didn't get infected as Clam was
    set to reject anything with a zip attachment. Got 3 of them before Clam's
    update kicked in.

    Mind you they are a fairly sensible lot and don't run Outleak.

  4. Re: OpenBSD AV solutions (Besides ClamAV) ?

    Thus spake "Bas Keur"

    > The problem is, I can't really find one which is made *for* OpenBSD (they
    > don't have to be free).


    You might want to check

    http://www.antivir.de/en/produkte/an...ver/index.html

    I have used antivir on OpenBSD 3.3 through 3.7 without a problem. You
    can update the virus definition data online and it is supported by
    amavisd-new.

    Just download the Unix package, it contains the Linux, *BSD and
    Solaris versions.

    --
    This sig intentionally left blank

  5. Re: OpenBSD AV solutions (Besides ClamAV) ?

    > I admit this may not work for you, but my experience is that the best way
    > is
    > simply to reject anything that comes with an attachment.
    >
    > One of my clients has ClamAV on 3.6, they didn't get infected as Clam was
    > set to reject anything with a zip attachment. Got 3 of them before Clam's
    > update kicked in.
    >
    > Mind you they are a fairly sensible lot and don't run Outleak.


    Unfortunately this doesn't work for me, since besides our own company
    we run about 12 others through it which LOVE = demand to send attachments.
    But thanks anyway.



  6. Re: OpenBSD AV solutions (Besides ClamAV) ?

    >>Hmz, anyone had any experiance with AV's other then clamav on Obsd
    >>v3.6 ? Please let me know.

    >
    > I'm currently running ClamAV and Sophos on my mail gateways (*).
    > Sophos is commercial software for which we have a site license.


    > Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
    > D.H.Davis@bath.ac.uk


    Thanks, I'll give Sophos a try as well.

    -Bas



  7. Re: OpenBSD AV solutions (Besides ClamAV) ?

    > You might want to check
    >
    > http://www.antivir.de/en/produkte/an...ver/index.html
    >
    > I have used antivir on OpenBSD 3.3 through 3.7 without a problem. You
    > can update the virus definition data online and it is supported by
    > amavisd-new.
    >
    > Just download the Unix package, it contains the Linux, *BSD and
    > Solaris versions.
    >
    > --
    > This sig intentionally left blank


    Thanks a lot !
    -Bas



  8. Re: OpenBSD AV solutions (Besides ClamAV) ?

    "Bas Keur" writes:

    >> One of my clients has ClamAV on 3.6, they didn't get infected as
    >> Clam was set to reject anything with a zip attachment. Got 3 of
    >> them before Clam's update kicked in.
    >>
    >> Mind you they are a fairly sensible lot and don't run Outleak.

    >
    > Unfortunately this doesn't work for me, since besides our own company
    > we run about 12 others through it which LOVE = demand to send attachments.
    > But thanks anyway.


    You may be able to combine ClamAV with amavis-new. Amavis-new allows
    for expanding of attachments (including various archive formats) and
    feeding them to a virus scanner (supports several).

  9. Re: OpenBSD AV solutions (Besides ClamAV) ?

    On Thu, 12 May 2005 22:41:08 -0400, David wrote:

    > "Bas Keur" writes:
    >
    >>> One of my clients has ClamAV on 3.6, they didn't get infected as
    >>> Clam was set to reject anything with a zip attachment. Got 3 of
    >>> them before Clam's update kicked in.
    >>>
    >>> Mind you they are a fairly sensible lot and don't run Outleak.

    >>
    >> Unfortunately this doesn't work for me, since besides our own company
    >> we run about 12 others through it which LOVE = demand to send attachments.
    >> But thanks anyway.

    >
    > You may be able to combine ClamAV with amavis-new. Amavis-new allows
    > for expanding of attachments (including various archive formats) and
    > feeding them to a virus scanner (supports several).


    amavis-new + clamav + spamassassin are working in combination on my Debian
    woody mailserver.
    The only issue I have with clamav (and this is due more to laziness than
    anything) is that one of the EICAR test viruses is getting through.
    I suspect I have misconfigured clamav somehow but haven't looked :-)


    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
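
Added example (not part of the thread, and not amavisd-new's code): a self-contained check of the point made in posts 8 and 9, that attachments must be expanded before scanning, showing which EICAR wrapping a scanner misses. `raw_scan` is a hypothetical stand-in for a real scanner, and all function names are assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

# Standard EICAR anti-virus test string (harmless), written in two pieces
# so that this source file is not itself flagged by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" rb"ANTIVIRUS-TEST-FILE!$H+H*"

def zipped(name, data):
    """Return a deflate-compressed zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def test_messages():
    """Constructed test mails: EICAR plain, zipped, and zip-in-zip."""
    inner = zipped("eicar.com", EICAR)
    payloads = {"plain": ("eicar.com", EICAR),
                "zip": ("eicar.zip", inner),
                "nested-zip": ("outer.zip", zipped("eicar.zip", inner))}
    msgs = {}
    for label, (fname, data) in payloads.items():
        msg = EmailMessage()
        msg["Subject"] = f"EICAR gateway test ({label})"
        msg.set_content("Scanner coverage test.")
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
        msgs[label] = msg
    return msgs

def leaves(data, depth=0, max_depth=5):
    """Yield data and, recursively, every member of nested zip archives."""
    yield data
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                yield from leaves(zf.read(info), depth + 1, max_depth)

def raw_scan(data):
    """Stand-in scanner (assumption): byte-signature match, no unpacking."""
    return EICAR in data

def coverage(scan, expand):
    """Map each test mail to True/False: did `scan` flag an attachment?"""
    result = {}
    for label, msg in test_messages().items():
        parts = [p.get_payload(decode=True) for p in msg.iter_attachments()]
        if expand:
            parts = [leaf for p in parts for leaf in leaves(p)]
        result[label] = any(scan(p) for p in parts)
    return result
```

Replacing `raw_scan` with a function that hands the bytes to the scanner under test gives the same per-wrapping report for a real gateway.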


  10. Re: OpenBSD AV solutions (Besides ClamAV) ?

    > You may be able to combine ClamAV with amavis-new. Amavis-new allows
    > for expanding of attachments (including various archive formats) and
    > feeding them to a virus scanner (supports several).


    That's what I'm doing; my question was which of the several supported virus
    scanners that amavis-new supports were supported by OpenBSD.

    Thanks to the feedback I'm currently using ClamAV, Sophos & Antivir for the
    AV part.

    In total that would be....

    OpenBSD, MySQL, Postfix, Amavisd-new, SpamAssassin,
    Razor, DCC, ClamAV, Sophos, Antivir and to add a little
    sugar on top I installed a web-based interface called Maia to
    let everybody control their white/black lists & quarantines.

    It took a while, but it's running like it should.. at last.

    -Bas


