[OT] Virus Scanning E-Valulation

Julian Field mailscanner at ecs.soton.ac.uk
Mon Mar 31 20:44:29 IST 2003


If you look in SweepViruses.pm you will find the list of command-line
options that MailScanner passes to each of the -wrapper scripts to do the
scanning:

clamscan -r --disable-summary --stdout
sweep -sc -f -all -rec -ss -archive -loopback --no-follow-symlinks
--no-reset-atime -TNEF
f-prot -old -archive -dumb

Try that lot and see how your tests compare.

At 20:31 31/03/2003, you wrote:
>Hello All,
>
>I have been evaluating Sophos, F-Prot and Clam on our server running
>MailScanner.
>
>MS 4.13-4
>SA 2.43
>RH 7.2 w/ sendmail updated
>
>Based on 136 files in /var/spool/MailScanner/quarantine, each of the 3
>programs reported the following:
>
>
>clamscan -r .
>
>----------- SCAN SUMMARY -----------
>Known viruses: 7495
>Scanned directories: 114
>Scanned files: 136
>Infected files: 0
>Data scanned: 25.83 Mb
>Used threads: 2
>I/O buffer size: 131072 bytes
>Time: 1.735 sec (0 m 1 s)
>
>
>sweep -f -di .
>
>136 files swept in 4 seconds.
>No viruses were discovered.
>End of Sweep.
>
>f-prot -auto -disinf .
>
>Files: 136
>MBRs: 0
>Boot sectors: 0
>Objects scanned: 293
>Infected: 78
>Suspicious: 0
>Disinfected: 0
>Deleted: 0
>Renamed: 0
>
>Example of f-prot output:
>
>var/spool/MailScanner/quarantine/20030331/h2VJKYg01851/message->CADDZ3NN.scr
>  Infection: W32/Klez.H at mm
>Virus-infected files in archives cannot be deleted.
>
>What is everyone else using for their scanner 'options' at the command
>line and scan e-mails through mailscanner?
>
>Are the options that I am using to evaluate wrong in anyway?
>
>Thanks
>
>Matthew K Bowman
>Sys Admin
>UDCom

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list