Running Kaspersky AV on FreeBSD mail server

patpro · Jun 13, 2015

Hi,

I run some FreeBSD mail servers (Postfix/Amavisd-new/Clamav…). Each month I'm filtering about 1 million incoming emails and between 400K to 650K outgoing emails. I would like to switch to Kaspersky anti-virus. I know it works, they do ship a FreeBSD version of Kaspersky Security for Linux Mail Server.

I would like to know if some of you have used or are using Kaspersky Security for Linux Mail Server on a FreeBSD mail server. I'm interested in every aspects of the topic:
- Fast enough to use it in before-queue?
- Direct connection to Postfix or behind Amavis?
- Alternate Kaspersky products?
- Does the web management make sense?
- It's made for FreeBSD 9.x, does someone has a positive feedback about running it on FreeBSD 10.x?
- And whatever experience you would like to share.

Thanks for your feedback!

drhowarddrfine · Jun 14, 2015

I presume this is used to protect Windows users on your network, correct?

patpro · Jun 14, 2015

A majority of Windows users, yes. Not always on our network: a large part of our staff (teachers) work from home. And we filter outgoing emails, too.

patpro · Jun 19, 2015

No one?

feenberg · Oct 16, 2015

We are currently using Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE under FreeBSD 10.1 integrated with Sendmail 8.15.1/8.14.9. We have been using successive versions of these for many years. The advantage we see is the ability to reject mail before it is received.

Daniel Feenberg
NBER

patpro · Oct 16, 2015

Thank you for this feedback. I'm already doing reject-before-queue thanks to amavisd-new.
Any though about the web interface?

drhowarddrfine · Oct 16, 2015

patpro said:
No one?

I haven't a clue why anyone would use this. Presumably Windows users have anti-virus on their systems, cause they have to, but I presume the Kaspersky thing is there, needlessly, to protect the server. Unless it's scanning for Windows viruses before passing them on to the Windows boxes but, then, do the Windows boxes still have anti-virus on them?

If there needs to be anti-virus on both then I question the ability of the anti-virus software to do its job.

patpro · Oct 17, 2015

drhowarddrfine said:
Presumably Windows users have anti-virus on their systems

That's where you are wrong. You can't trust users to have proper AV, needless to say proper AND up-to-date AV, on their devices. We have about 28K students that are likely to bring their own device, teachers are likely to do that to.
Even on staff devices, you can't guaranty their AV is really up-to-date when they check their email few seconds after turning on the computer.
On the other side, any one of these users could come on campus with an infected device, and spread virus/malware all over the internet. Remote mail servers would rapidly flag our SMTP as a bad peer, and blacklist us, which would be unacceptable.
Same goes for the ~7K email addresses that are just redirected to other external domains: we can't just pass virus/malware through.

drhowarddrfine said:
If there needs to be anti-virus on both then I question the ability of the anti-virus software to do its job.

Having a brand on AV on staff devices and another brand on mail hub is a good thing. No AV can pretend to be 100% efficient, and it can take few hours for some AV to block new threats (some would fail blocking new threats for days or month, like Clamav).

kpa · Oct 17, 2015

drhowarddrfine said:
Presumably Windows users have anti-virus on their systems, cause they have to, but I presume the Kaspersky thing is there, needlessly, to protect the server.

No they don't. The reality is that most of the "mom and pop" windows systems are never updated after installation and any kind of updaters are disabled because they annoy the users too much. Antivirus programs are uninstalled because they are often one year trials and cost money after the trial period. Your view of an average windows user is way too rosy and unrealistic. A huge majority of the windows users have a mentality that they are not responsible for security of their computer, it's the job of the manufacter and Microsoft and the user shouldn't have to deal with tech stuff they don't understand nor want to understand.

drhowarddrfine · Oct 17, 2015

Well, you guys are saying you're trying to protect the users system. I thought you were trying to protect a corporate user. If some knuckleheaded Windows user wants to run their laptop without anti-virus, why are you trying to protect them? That's their own fault and their own problem. otoh, if it's a corporate PC, that's a different story and that is the situation I'm talking about. I couldn't care less if some student walks in off the street unprotected.

EDIT: Now that I think about it, I guess you do need to watch the files being passed among Windows users since so many of them are infected that they'll be expecting you to protect them from themselves and you will be blamed for any problems cause thinking is never an option.