[Mimedefang] mimedefang and trend micro's interscan viruswall
Stephane Lentz
Stephane.Lentz at ansf.alcatel.fr
Thu Mar 6 16:52:01 EST 2003
Hi,
On Thu, Mar 06, 2003 at 11:05:57AM -0800, Xiaoyan Ma wrote:
> I am installing mimedefang2.29 for the first time on a Solaris 8 box
> running sendmail 8.12.8. I run Trend Micro's Inter Scan Viruswall as virus
> filter and SpamAssassin as spam filter.
=> Latest MIMEDefang version is 2.30. Better installing this one if
possible.
> I have InterScan v3.6 for solaris sendmail switch version running. When
> installing mimedefang, it sees the InterScan filter and when mimedefang is
> up running it rejects virus affected attachment. But it doesn't seam to
> use inter scan's tools, such as iscan's viurs log, and other features in
> the intscan.ini file.
=> For others : Interscan Sendmail Switch is some Milter antivirus solution only
available for Solaris. There is no Linux version (Milter is not some
priority at TrendMicro).
> When I tried to run interscan as a separate plug-in, and I can then use all
> the tools.
>
> My questions are:
>
> 1) If I run interscan trhough mimedefang, should I use the sendmail switch
> version or the standard Solaris version?
=> MIMEDefang uses only the /etc/iscan/vscan command from Trend Micro
solutions. Installing the standard Interscan version is what most
people do I guess (few people use Interscan Switch Edition).
> 2) Should I be able to use interscan tools when running it through
> mimedefang?
>
=> /etc/iscan/vscan doesn not write anything in Trend's iscan logs by
default. However the vscan command has a -l switch if you want to get
some logging (but that would log some temporary paths information):
root# /etc/iscan/vscan -a -l/tmp/logvirus /directory
i don't know if will solve your needs.
Otherwise, you could try to write some code in your MIMEDefang filter to
reproduce Interscan's standard logging.
> 3) CPU usage is one of our major concerns. Will running interscan
> separately add a heavy load to the system?
=> Sorry but I have no experience with the Solaris Switch Edition of
Interscan. To lower the load a daemonized virus scanner would help, but
Trend proposes no such solution. It's funny to see that vscan was
written in 1996-1997 and not improved a lot since then (but virus
patterns are updated quite fast) :
root # /etc/iscan/vscan
Virus Scanner v3.1, VSAPI v6.150-1001
Trend Micro Inc. 1996,1997
Regards,
SL/
---
Stephane Lentz / Alcanet International - Internet Services
More information about the MIMEDefang
mailing list