My Progress: AntiVirus Software Roundup

[Nathan Johanson]

Just wanted to let everyone know that I have placed calls with every
antivirus vendor supported by MailScanner. A few of the companies have
been responsive and willing to entertain an alternative licensing model.
In one case, I talked directly with a high-level executive (one of the
smaller vendors, obviously). In another conversation, I could hear the
the wheels churning over the phone. The smart, on-the-ball vendors know
that "email scanning services" are a flourishing market, and I think
many are struggling with how to get involved.

In short, this has been my pitch to the vendors that would listen:

* Per user or per mailbox licensing models are cost prohibitive for
those of us that scan email for multiple domains and businesses. Plus,
for those of us that simply scan and forward the email, this licensing
model doesn't really fit, it can be difficult to track,  and it's
definitely cost prohibitive. Unfortunately, most vendors license the
products by user (there are one or two exceptions). But as I've
discovered, some of them (usually the smaller ones) are willing to
entertain alternatives. 
* We're not really interested in a scanner that integrates directly with
the MTA (such as f-prot's new mail server option). We simply want a
lightweight command line scanner that runs in Linux and catches viruses
consistently
* Many of us are looking for affordable alternatives and many of us are
moving away from f-prot and other vendors that have priced us out of
using their product(s). Any vendor that can put a good deal on the table
(that can be used by all of us) could potentially see a marked increase
in business. Obviously, this sort of statement gets their attention (and
it's not a lie). In some cases, I actually pointed out problems with
some of their competitors and used other competitors as good examples.

I will continue to post my progress, and will ultimately deliver a full
roundup of each supported scanner--including the licensing model,
whether they offered an alternative, the potential costs, and the
vendor's overall responsiveness. As you might expect, I'm still waiting
for some of them to return my calls.

Nathan

-----Original Message-----
From: Nathan Johanson 
Sent: Monday, September 15, 2003 9:07 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Detailed AntiVirus Software Roundup


I know... This is a popular topic on the list. We're getting ready to
purchase another virus scanner for use for MailScanner. Over the last
several months, people have posted various recommendations and findings
from their own efforts.

Since I'm about to set out calling the various vendors, sending email,
visiting the web sites, etc., I figured I would post and see if anyone
would be willing to share their findings for all scanners they've
reviewed. I'm looking to get a general overview of all or most of the
scanners supported by MailScanner. If anyone has put together something
like this, can they please post it to the list? If there isn't an
extensive review in existence, I would be willing to put together such a
list based on your responses and my own research. But by my count, I'm
guessing that at least five of you have done the work already.

Like most, we use MailScanner to scan viruses for several domains and
growing. In some cases, the mailboxes reside on the server itself and in
other cases we simply forward the mail to the appropriate mail server
(not often owned by us). In light of this, we want to avoid scanners
that adhere to the "per mailbox" licensing and stick with those that
offer per node licenses. 

Here are the questions we need answers to:

* Which scanners work dependably on a Linux platform from a purely
technical standpoint? There are several of them listed on the
MailScanner site:
http://www.sng.ecs.soton.ac.uk/mailscanner/install/OS-virus-scan-web.htm
Are there any issues with updates, viruses getting through, outdated
version, compatibility issues, etc.
* Which scanners use a "per mailbox" licensing model? Which of these
vendors is willing to work with the customer? And which scanners use a
"per node" licensing model? 

As a member of the list over the last year, here is the rather
disjointed information I've gathered so far:

* there is a lot of recent confusion around f-prot's licensing scheme
(probably most of the confusion can be attributed to conflicts between
the actual license content and content on the web site). F-prot is
mostly to blame for this.
* eTrust came out of nowhere as a viable, dirt-cheap alternative, but it
may be a little more difficult than usual to install and suffers from
some code bloat. Did I hear 34MB? 
* ClamAV is every bit as good as a commercial scanner, but most still
use it in conjunction with a commercial scanner. After watching the list
for several months, it appears that ClamAV does require a lot more
attention than some of the others (the update script lockup issues come
to mind here, and there does seem to be some confusion about updating or
upgrading the scanner in general). I'm basing these assumptions on the
number of posts regarding ClamAV and its installation or usage.
* f-secure has received mixed reviews, but may be a good solution now
that they've incorporated two different scanning engines. I do remember
there as a major problem with their scanner at one point, but can't
remember what that was. Someone did mention that they're willing to work
with customers on pricing, but (like f-prot) it's not clear which
version we would need to purchase. F-secure's recent publicity around
decoding instructions in the Sobig virus does seem to lend them some
recent credibility. 
* Sophos is used by the author of MailScanner (a good recommendation),
but could be cost prohibitive. There were issues with recent engines
slowing down the server, but that seems to have been solved.
* RAV is now under Microsoft's control. Enough said.

There are several others of which I have little or no information:
command, kaspersky,  nod32, antivir, etc. I'm familiar with McAfee and
Trend (having one foot in the Windows world), but it's obvious that
Linux isn't really their first concern (it's difficult to even find
mention of these scanners on their web sites).

Sincerely,

Nathan Johanson