Last week, when “W32.Beagle.A@mm” started to spread out, I decided to switch my mailing lists to “moderated”.
Not that my subscribers can be affected by viruses (I configure my mailing lists to scrap binary attachments to reduce the risk), but a flurry of mails saying “Hi” was something I wanted to avoid, even if they are safe!
This week, when “W32.Novarg.A@mm” came out, I decided I needed something stronger and more automatic…
After some googling, I have installed clamav and amavis. That took me some time and has been painful (the mail system is probably what’s the most complex on my servers, with many different programs involved: postfix, procmail, cyrus, procmail and now clamav and amavis), but I am pretty happy with this small achievement.
Clamav is what’s doing the real work. It’s an open source anti-virus scanner. It comes with an update daemon and several virus signatures seem to be added daily as far as I can tell on my limited experience.
Also open source, Amavis is what does the interface between the MTA (Postfix in my case) and the virus scanner (Clamav in my case). I have installed a flavor of Amavis named “Amavisd-new”. Amavis is highly configurable. You can tell him when a virus is using fake sender addresses and in that case, it won’t send a report to the sender. I wish more systems and admins could be using that feature to avoid flooding the net with rubbish virus notifications!
With this setup, I have switched my mailing lists to their normal mode again and I am now watching viruses being caught: the rate has reached 30 viruses per hour. 30 mails that won’t leave my SMTP server and never spread their virus…
That may be a small achievement, but I feel a good “net citizen” :) … If more SMTP servers (including those from ISPs) were equipped with such tools, the viruses would spread much, much, much slower.