Check the clamwall log?
It gives 'sender' & 'recipient' & 'found virus', thats enough for me to spot a FP (if I ever get any)
Greetings,
At the moment I am running my copy of Mercury on my Desktop while I build a dedicated server. My desktop has Symantec SystemWorks 2005 with Norton AntiVirus 2006 updated over the top. I have had a couple people suggest that the Symantec products are the causes of some of my problems, yet I have been fortunate and never really had any problems with Symantec/Norton products. My personal experience with McAfee is not that good, though...
So if I were to change AntiVirus products, what have other Mercury Admins had good luck with?
Are there any other products, that as a Mercury Admin you would recommend putting into the equation for a secure and stable Email System?
Regards,
Keith
> Greetings,
>
> At the moment I am running my copy of Mercury on my Desktop
> while I build a dedicated server. My desktop has Symantec
> SystemWorks 2005 with Norton AntiVirus 2006 updated over the
> top. I have had a couple people suggest that the Symantec
> products are the causes of some of my problems, yet I have
> been fortunate and never really had any problems with
> Symantec/Norton products. My personal experience with McAfee
> is not that good, though...
First of all if you run the Norton software keep it away from anything important on your system. Do not let it access any directory that is used by Mercury or Pegasus Mail. Getting Norton off you system is a real challenge and so I'd just leave it alone until you have a lot of time available.
>
> So if I were to change AntiVirus products, what have other
> Mercury Admins had good luck with?
ClamAV with ClamWall works well.
>
> Are there any other products, that as a Mercury Admin you
> would recommend putting into the equation for a secure and
> stable Email System?
ClamWall, Greywall and Spamwall for starters. I personally use POPFileD with POPFile instead of SpamWall but that's my personal preference based on the spam I get. Both work at the 99% level of effectiveness with a FPR under 0.05%. All these will be available when v4.51 comes out (real soon now). The reason I like these is that both are designed to work as daemons with Mercury/32 rather than external system that may or many not be that compatible.
>
>
[quote user="Thomas R. Stephenson"]
> Greetings,
>
> At the moment I am running my copy of Mercury on my Desktop
> while I build a dedicated server. My desktop has Symantec
> SystemWorks 2005 with Norton AntiVirus 2006 updated over the
> top. I have had a couple people suggest that the Symantec
> products are the causes of some of my problems, yet I have
> been fortunate and never really had any problems with
> Symantec/Norton products. My personal experience with McAfee
> is not that good, though...
First of all if you run the Norton software keep it away from anything important on your system. Do not let it access any directory that is used by Mercury or Pegasus Mail. Getting Norton off you system is a real challenge and so I'd just leave it alone until you have a lot of time available.
> So if I were to change AntiVirus products, what have other
> Mercury Admins had good luck with?
ClamAV with ClamWall works well.
> Are there any other products, that as a Mercury Admin you
> would recommend putting into the equation for a secure and
> stable Email System?
ClamWall, Greywall and Spamwall for starters. I personally use POPFileD with POPFile instead of SpamWall but that's my personal preference based on the spam I get. Both work at the 99% level of effectiveness with a FPR under 0.05%. All these will be available when v4.51 comes out (real soon now). The reason I like these is that both are designed to work as daemons with Mercury/32 rather than external system that may or many not be that compatible.
[/quote]
Tom, thanx for the input. As I said, in the past, Symantec has never given me any troubles and I am certainly not convinced that it is the culprit here, either. I know some packages mess with your system based more on the types of programs installed. I am not a gamer, mostly all business and development software as I am a database programmer. Maybe that is why I have never had any issues with it. That aside... where are the products you referenced available?
ClamWall, GreyWall, SpamWall, PopFileD, etc. AND will these work with Mercury/32 v4.01b/c OR would I have to wait for v4.5 to use them?
I am waiting for v4.5 and pricing to determine which way to go... I hope "real soon now" is RSN so I can make the final decision and get on with it ! ! !
Regards,
Keith
> Tom, thanx for the input. As I said, in the past, Symantec
> has never given me any troubles and I am certainly not
> convinced that it is the culprit here, either. I know some
> packages mess with your system based more on the types of
> programs installed. I am not a gamer, mostly all business
> and development software as I am a database programmer.
> Maybe that is why I have never had any issues with it. That
> aside... where are the products you referenced available?
Personally I'd not have any Norton or Symantec product on any system I run. They simply cause more problems than they solve.
>
> ClamWall, GreyWall, SpamWall, PopFileD, etc. AND will these
> work with Mercury/32 v4.01b/c OR would I have to wait for
> v4.5 to use them?
Clamwall, Spamwall and POPFileD are available now. Greywall is coming with v4.51 (today, tomorrow, real soon now)
Clamwall is program that uses ClamAV daemon as antivirus filter. Clamwall is antivirus
protection on the server level. It works for all local accounts automatically without any
special software on the client side. You can use any post program on the client side.
Major ClamWall's features:
* Works with ClamAV Daemon antivirus.
* ClamAV Daemon can be running on any computer.
* ClamWall communicating with ClamAV directly by TCP protocol.
* ClamWall can be run in mode where it is running ClamAV and
controlling their run.
* Can prohibit some attachment by their filename extensions.
http://www.ararat.cz/eng/show.php?clamwall
SpamWall is a daemon for the Mercury/32 server that provides centralised SPAM protection for all local e-mail accounts.
SpamWall's major features:
* Integrated Bayesian filter - no external server needed.
* Adaptable - The Bayesian filter is a learning filter. You can
teach the filter what is SPAM and what is not SPAM by simply
forwarding a message to a local e-mail address eg:
spam@yourdomain.dom, notspam@yourdomain.dom
* Native WIN32 code - external script interpreters like PERL is
not needed.
* Robust - designed for high traffic business servers hosting
many accounts.
* Fast - SQLite3 database backend serves as a common database
for all accounts.
* Around the clock protection - Spamwall runs 24x7 mode and
there is stopping the daemon/database for recalculations.
* Accurate - detects more then 99% of SPAM. Probability of badly
marked message as SPAM is only 0.01%! This is equal to, or
better than, many expensive commercial products.
* Affordable - SpamWall is free for personal and commercial use.
http://www.ararat.cz/eng/show.php?spamwall
There is the POPFileD daemon that you can use with Mercury/32 to send the mail off to POPfile for classification of the incoming mail from any source. You can then use the Mercury/32 filters to move the mail with the spam header to a spam user.
http://users.adelphia.net/~homedale/popfiled/
Make sure you use the right version, they are not interchangeable
POPFile Version Download
0.20.x POPFileD 1.0.1
0.21.x POPFileD 1.1.0 or POPFileD 1.2.2
0.22.x POPFileD 1.22.0
>
> I am waiting for v4.5 and pricing to determine which way to
> go... I hope "real soon now" is RSN so I can make the final
> decision and get on with it ! ! !
The proposed pricing is on the community someplace.
>
> Regards,
>
> Keith
[quote user="KeithW"] So if I were to change AntiVirus products, what have other Mercury Admins had good luck with?[/quote]
I agree with Thomas. Clamwall is very efficient for viruus checking and can also eliminate a lot of spam with additional downloads (see www.sanesecurity.co.uk). Prior to that I used f-prot's command line scanner in a Mercury policy.
I think it's also important that workstations are protected by different anti-virus software - just as a double-check.
Can ClamWall forward messages flagged as viruses to a mailbox? Last time I checked it just wrote a couple of files into a folder - but it was very time-consuming to check each file to see if it was really a virus.
[quote user="ldsandon"].. it was very time-consuming to check each file to see if it was really a virus.[/quote]
Out of interest how are you doing this, and why? Do you think you are getting false positives with Clamav?
Unluckily, I seldom received legitimate mails that contained for example an infected Word document. In my current setup I am using ClamWin via a policy, and forwarding viruses to a "quarantine" mailbox I can easily check remotely what's there, but this setup looks to be slower than ClamWall because there is no alway-on daemon.
Moreover if I can easily check the currrent "virus trend" I am more aware of what's going on.
