Recommended Antivirus scanners

info at info at
Fri Nov 22 13:11:47 UTC 2019

First of all: the very best option against macro viruses as mail attachements is to use ClamAV with option "OLE2BlockMacros true" (/etc/clamav/clamd.conf). This option works like a charm, it is detecting any macro as a virus called "Heuristics.OLE2.ContainsMacros".
Second, don't forget to quarantine password protected archives, some weeks ago Emotet is using zip files with passwords more often too.

Sophos I added some days ago and have had the same problem: very bad detection rate, but cpu usage is exploding. I am going to deinstall sophos in some days again.

Some experience from our past with F-Secure, ESETS, ClamAV and daily 5000+ Mails incomming: F-Secure is detecting new signatures often little bit later than ESETS, but ESETS is still far away from detecting new signatures fast enough, in comparison with Trend Micro. ClamAV is detecting 40% viruses (macros excluded) which ESETS was not detecting, so, i was also confused that clamav is detecting such often a virus instead of ESETS. (Therefore i tried additionally sophos but sophos seems to be just unuseable bullsh** for me,sry)

Moving away from F-Secure was more strategically, because ESETS Proxy Gateway Product was technically better, the F-Secure Proxy was just buggy and they didn't fixed the bugs reported with tickets. But you only need ESETS Linux File Server License when running ESETS in MailScanner (which is much cheaper than have a license for any protected user as a mail-server-product license.) because MailScanner only uses the standard command line scanner. So my personal favorite in Business is Trend Micro but their installation is not compatible with MailScanner. I guess with rspamd + ICAP Protocoll for Virus Scanning Plugin you can use much more virus scanners from other companies.

> Message: 3
> Date: Thu, 21 Nov 2019 08:28:29 +0000
> From: Pramod Daya <pramod at>
> To: "mailscanner at"
> <mailscanner at>
> Subject: Recommended Antivirus scanners
> Message-ID:
> <VI1PR04MB4605361B816ABC0B7FEA5477F74E0 at>
> Content-Type: text/plain; charset="us-ascii"
> Hi Folks,
> I've been using clamd successfully for years, but finding that some macro viruses in Office docs
> are slipping through. I added the free version of Sophos to Mailscanner, and apart from causing my
> CPU usage to skyrocket, it doesn't seem to detect anything. Do you have any recommendations on what
> are the most effective antivirus scanners to run in conjunction with Clam ? Is anyone running
> several scanners simultaneously ?
> Feedback much appreciated.
> Thanks
> ___________________________________________________
> Pramod Daya (CEO)
> M.Sc. Computer Science (U. of Oregon)
> Unit 5, Melomed Office Park
> Punters Way, Kenilworth
> Cape Town, South Africa 7708
> [cid:image001.png at 01D4A824.38D37C20]
> Work: +27 21 657 1780
> Fax: +27 21 671 7599
> Cell: +27 83 675 0367
> pramod at
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <
> ml>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image001.png
> Type: image/png
> Size: 5989 bytes
> Desc: image001.png
> URL:
> <
> g>

More information about the MailScanner mailing list