Re: antivirus & antispam software



Michael Schnell wrote:
How is the software going to decide which download or mail is supposed to be Spam or contain a virus?

For virus detection I suppose you need to use a (paid) service that updates the pattern file and the detection software on a regular basis.


For virus detection, there are several options - there is the open source ClamAV (already mentioned), or commercial programs. Of course, you'd have to pay for the commercial ones, and you'd have a lot more "fun" trying to get them to run in an embedded system. ClamAV works fine, and its database is updated regularly, although it can be a bit slow compared to other systems. The chance of valid emails being wrongly marked as viruses is very low.

I don't know if something like this exists for Spam detection. Otherwise you need to use a channel from the users to the router to have them define rules for Spam detection. Thunderbird is an open source project that does a fairly nice Spam detection based on automatically generated rules. Maybe you can look at its code.


For spam detection, you want something like SpamAssassin. However, here you have to give the users more control - presumably somewhere in the world there are people who actually want to receive offers for dodgy pills and the like. While it is common to reject virus emails utterly, it is normal to mark probable spam emails and pass them on so the user can easily sort them.

A primary Spam filter mechanism is to start to send a mail to the sender of any mail and abort after the verification of the addressee. If the verification of the sender fails, the mail can be considered to be Spam.


That can be worth doing, but only works for SMTP incoming email. If typical users of your router do not have their own email server and hosting, then it doesn't help as the emails come via POP3.

One thing to think through very carefully is how to handle updates for your virus definitions, your virus checking software, your spam detection software, and any blacklists. Remember that for many of these, voluntary free sites are providing the bandwidth, so selling a commercial product that uses them may be questionable legally or ethically, unless you are using your own servers as proxies or channelling some of your profits back to those services (as money or bandwidth). You also have to consider the consequences if something goes wrong with one of these sites or the files they supply - using your own servers gives you a bit more control.


-Michael
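
The handling described in the reply above (reject virus mail outright, mark probable spam and pass it on), as an added example that is not code from the thread or from either project. The function name, the `[SPAM]` subject prefix and the choice to defer on a scanner error are assumptions; the inputs are the one-line replies of clamd's INSTREAM command and of `spamc -c`, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy

# clamd answers INSTREAM with "stream: OK" or "stream: <signature> FOUND".
CLAMD_RE = re.compile(r"^stream: (?:OK|(?P<sig>.+) FOUND)$")
# "spamc -c" prints "<score>/<threshold>".
SPAMC_RE = re.compile(r"^(-?\d+(?:\.\d+)?)/(-?\d+(?:\.\d+)?)$")

def filter_message(raw, clamd_reply, spamc_reply):
    """Return (action, data); action is 'reject', 'defer' or 'deliver'."""
    reply = clamd_reply.strip("\0\r\n ")
    verdict = CLAMD_RE.match(reply)
    if verdict is None:
        # Scanner error or unexpected reply: hold the mail, never pass it unscanned.
        return "defer", reply
    if verdict.group("sig"):
        return "reject", verdict.group("sig")    # virus mail is rejected outright
    score = SPAMC_RE.match(spamc_reply.strip())
    if score is None or float(score.group(1)) < float(score.group(2)):
        return "deliver", raw                     # clean, or no usable spam score
    # Probable spam: mark it and pass it on so the user can sort it.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    for name in ("Subject", "X-Spam-Flag", "X-Spam-Score"):
        del msg[name]                             # also drops sender-supplied copies
    msg["Subject"] = "[SPAM] " + subject
    msg["X-Spam-Flag"] = "YES"
    msg["X-Spam-Score"] = score.group(0)
    return "deliver", msg.as_bytes()

# Constructed sample message, not taken from the thread.
SAMPLE = (b"From: sender@example.com\nTo: user@example.net\n"
          b"Subject: Cheap pills\n\nBuy now\n")

if __name__ == "__main__":
    print(filter_message(SAMPLE, "stream: Eicar-Test-Signature FOUND", "0.0/5.0")[0])
    print(filter_message(SAMPLE, "stream: OK", "7.5/5.0")[1].decode())
```

Because the decision only needs the raw message and the two scanner replies, the same function applies whether the mail arrived by SMTP or was fetched by POP3.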