Discussion:
Amavis and anti-virus engine ?
Olivier CALVANO
2016-02-23 10:54:54 UTC
Hi

What is the best antivirus engine for postfix/amavis?

Because with clamav, we have a big quantity of crypto locker in our mail.
We run on CentOS 7


Thanks for your help
regards
Olivier
Patrick Ben Koetter
2016-02-23 18:50:25 UTC
Post by Olivier CALVANO
What is the best antivirus engine for postfix/amavis?
Because with clamav, we have a big quantity of crypto locker in our mail.
We run on CentOS 7
Good engines, which we have used in the past and would recommend are:

- Avira SAVAPI
- avast!
- Sophos

Reasons we think they are good:

- Fast
- Efficient
- Low False-Positive rate
- Low impact on system (they don't install a plethora of additional software)
- Good support

We tested and used others as well, but to us they were crappy, unstable and/or
the vendor left the UNIX market. Some didn't seem to be trustworthy enough to
let them handle our customers' data.

You might want to check http://www.av-comparatives.org/ for regular surveys.

***@rick
--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
Per-Erik Persson
2016-02-23 18:58:59 UTC
Has anyone tried a recent clamav with YARA support and yara-rules available?
Jakob Curdes
2016-02-23 20:14:30 UTC
As far as I know, Avira has also discontinued their Linux product.
We have augmented clamav with the sanesecurity signatures.
I just read about the interesting YARA project and am looking into
adding these rules also.

Also we block .js and the old Microsoft Office formats.

Up to now this seems to work quite well, we do not see anything relevant
get through.
On our customers' mail servers we partly run the Kaspersky mail scanner
which works very well.

HTH, Jakob
Patrick Ben Koetter
2016-02-23 20:26:39 UTC
Post by Jakob Curdes
As far as I know, Avira has also discontinued their Linux product.
The scan engine is still available to system integrators. We are one of those
and like the other integrators we add some magic sauce [tm] and wrap the
engine into a product of our own.
Post by Jakob Curdes
We have augmented clamav with the sanesecurity signatures.
I just read about the interesting YARA project and am looking into
adding these rules also.
Also we block .js and the old Microsoft Office formats.
Up to now this seems to work quite well, we do not see anything
relevant get through.
ACK
Tom Hendrikx
2016-02-23 20:44:50 UTC
Post by Patrick Ben Koetter
Post by Jakob Curdes
As far as I know, Avira has also discontinued their Linux
product.
The scan engine is still available to system integrators. We are
one of those and like the other integrators we add some magic sauce
[tm] and wrap the engine into a product of our own.
The Avira Antivir product was indeed discontinued [1], but the SAVAPI
engine [2] is not. This is what Patrick is pointing at.

[1] https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1491
[2] https://www.avira.com/en/oem-antivirus
Jakob Curdes
2016-02-23 21:00:53 UTC
Yes but for the general audience this does not help very much...
JC
Jakob Curdes
2016-02-23 22:09:57 UTC
Post by Per-Erik Persson
Has anyone tried a recent clamav with YARA support and yara-rules available?
I have just played around with yara but you need to be careful and
read/understand each rule before dropping it into the clamav DB directory.
There are rules that mark each mail without an image and another that marks each
mail with an image. Clamav will detect this as an infection and so will
declare every single mail as infected...

JC
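
One way to vet a rule file before it goes into the clamav DB directory, as the post above advises: scan a corpus of known-clean mail with only that file loaded and see which signatures fire. This is an added example, not code from the thread; the rule names, paths and the 1% threshold are constructed assumptions, and the sample output assumes clamscan names YARA hits `YARA.<rule>.UNOFFICIAL`.

```python
import re
import subprocess
from collections import Counter

# clamscan prints one "<path>: <signature> FOUND" line per detection.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def scan_clean_corpus(rule_file, corpus_dir):
    """Scan known-clean mail with ONLY rule_file loaded, not the live DB."""
    proc = subprocess.run(
        ["clamscan", "--database=" + rule_file, "--allmatch", "--recursive",
         "--infected", "--no-summary", corpus_dir],
        capture_output=True, text=True)  # exit status 1 only means "hits found"
    return proc.stdout.splitlines()

def noisy_signatures(scan_lines, corpus_size, max_hit_rate=0.01):
    """Return {signature: hit rate} for rules that fire too often on clean mail."""
    hits, seen = Counter(), set()
    for line in scan_lines:
        m = FOUND_RE.match(line.strip())
        if m and (m["path"], m["sig"]) not in seen:  # count each file once per rule
            seen.add((m["path"], m["sig"]))
            hits[m["sig"]] += 1
    rates = {sig: n / corpus_size for sig, n in hits.items()}
    return {sig: rate for sig, rate in rates.items() if rate > max_hit_rate}

def constructed_output(n=200):
    """Constructed clamscan output: every clean message matches one of two
    'informational' rules, and a single message trips a targeted rule."""
    lines = []
    for i in range(n):
        rule = "example_with_image" if i % 4 == 0 else "example_without_image"
        lines.append(f"/corpus/msg{i:04d}.eml: YARA.{rule}.UNOFFICIAL FOUND")
    lines.append("/corpus/msg0007.eml: YARA.example_macro_dropper.UNOFFICIAL FOUND")
    return lines

if __name__ == "__main__":
    # With a real corpus: lines = scan_clean_corpus("candidate.yar", "/corpus")
    flagged = noisy_signatures(constructed_output(), corpus_size=200)
    for sig, rate in sorted(flagged.items()):
        print(f"do not deploy {sig}: fires on {rate:.0%} of clean mail")
```

A rule file passes to the DB directory only when this returns an empty result for it; the single hit from the targeted rule stays under the threshold and is reviewed by hand instead.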
Olivier Nicole
2016-02-24 02:44:43 UTC
Hi,

I am using Kaspersky (on FreeBSD)

Olivier
Patrick Ben Koetter
2016-02-24 07:41:36 UTC
Post by Jakob Curdes
Yes but for the general audience this does not help very much...
There are quite a few vendors where you can buy a scanner based on SAVAPI like
any other regular product. I think it just isn't well known that such products
are out there and that anyone can buy them.

***@rick
Olivier Nicole
2016-02-24 07:34:35 UTC
Post by Per-Erik Persson
Has anyone tried a recent clamav with YARA support and yara-rules available?
But why not use yara as yet another anti-virus directly in Amavis?

Best regards,

Olivier

Jakob Curdes
2016-02-24 08:07:11 UTC
Post by Patrick Ben Koetter
Post by Jakob Curdes
Yes but for the general audience this does not help very much...
There are quite a few vendors where you can buy a scanner based on SAVAPI like
any other regular product. I think it just isn't well known that such products
are out there and that anyone can buy them.
Can you give a hint!? I am interested, but I asked Avira and they said
they do not support Linux any more.
JC
Patrick Ben Koetter
2016-02-24 08:06:02 UTC
Post by Jakob Curdes
Post by Patrick Ben Koetter
Post by Jakob Curdes
Yes but for the general audience this does not help very much...
There are quite a few vendors where you can buy a scanner based on SAVAPI like
any other regular product. I think it just isn't well known that such products
are out there and that anyone can buy them.
Can you give a hint!? I am interested, but I asked Avira and they
said they do not support Linux any more.
Avira licenses per user. You can send me the number of mailboxes you need to
protect and I can send you a quote.

***@rick