Tip of the Trade: Linux-Based E-mail Scanners

By Carla Schroder (Send Email)
Posted Sep 4, 2007

I've never been comfortable with Windows-based e-mail scanners because they run on the same porous, malware friendly platform they're supposed to protect. Paying big bucks for software licensing fees year after year isn't a very attractive proposition either.

If you're in the market for an e-mail scanner, consider MailScanner or ClamAV. Together, they offer stout protection against viruses, spam, phishes and all manner of e-mail-borne malware.

Discuss this article in the ServerWatch discussion forum

Fortunately, there are powerful, free alternatives, like MailScanner and ClamAV. Using these two together delivers stout protection again viruses, spam, phishes, and all manner of e-mail-borne malware. Both run on just about any Linux or Unix-type operating system, so you have the benefit of choosing your favorite operating system as well as the benefits of superior security, efficiency and performance.

ClamAV just keeps getting better. It installs with a nice set of default options, and thus requires minimal tweaking. It defaults to checking for new virus signatures several times per day, and it can scan outgoing mail. You should definitely scan outgoing e-mail — if this were a routine practice, 90 percent of e-mail would not be spam or malware.

MailScanner is a Perl-based e-mail filter. Oh no, you say, filtering programs are slow! Don't worry, because MailScanner is very fast. It's more work to set up than ClamAV, because you must walk through its main configuration file and tell it what to filter. MailScanner takes advantage of Linux's and Unix's ability to determine true file types — it won't be fooled by forged file extensions like Windows. (Remember, file extensions are for human convenience on Linux/Unix systems; the operating system doesn't need them.) So when you configure it to block .exe files and allow .jpg, for example, it won't be fooled by those bogus .exe.jpg-type compound file extensions so beloved of scammers.

MailScanner has an option to notify senders that they have a virus. Do not enable this. Virtually all spam and virus return addresses are forged, so it's a waste of time and unnecessarily clogs the Internet. If you really want to track down the culprit, study the mail headers, but even then the spam most likely originated from a compromised host.

Be sure to purchase the excellent "MailScanner" book by Julian Field. It will save you much time and hassle. And don't be shy about clicking the "Donate" link. MailScanner will save you substantial amounts of money, so why not show the developers your appreciation?

Page 1 of 1

Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date