| View previous topic :: View next topic |
| Are you interested in ClamAV integration for AntispamSniper? |
| Yes. Definitivelly. |
|
25% |
[ 1 ] |
| Yes, but I prefer another antivirus than ClamAV. |
|
0% |
[ 0 ] |
| Maybe. I do not now. |
|
25% |
[ 1 ] |
| No. Never. |
|
50% |
[ 2 ] |
|
| Total Votes : 4 |
|
| Author |
Message |
nikkho
Joined: 06 Sep 2011
Posts: 8
|
 Posted: Tue Sep 06, 2011 12:03 pm Post subject: Antivirus capabilities in AntispamSniper? |
 |
|
Currently AntispamSniper does a good job while protecting us from spam, and physhing in the Pro version.
Unfortunatelly there is some malware coming in emails, that would be nice for AntispamSniper to fight against.
You can refer for instance to the open source ClamAV, that provides a DLL (libclamav.dll) for easily integrating it in AntispamSniper, and so protecting users not only against spam, but also against malware, trojans, and virus.
It can be compilable in 32 and 64 bit flavours, so seems a good choice.
You think it would be worth having it implemented? |
|
| Back to top |
|
 |
Sacles
Joined: 09 Nov 2007
Posts: 51
Location: Belgium (near Li?ge)
|
| Posted: Wed Sep 07, 2011 6:07 am Post subject: |
|
|
Hello,
AntisapmSniper is an antispam, it is not un antivirus.
There are many anti-virus that control messages. |
|
| Back to top |
|
|
nikkho
Joined: 06 Sep 2011
Posts: 8
|
| Posted: Wed Sep 07, 2011 10:54 am Post subject: |
|
|
The problem, as I see it, is that spam and malware are quite related.
Supose a contact of yours, having compromised its security, and sending malware to its contacts (where you are). It will not be spam, since is a contact from you, but indeed it is.
So having a malware detection feature in Antispamsniper, even if simple, will reduce those apams/malware sent by known contacts. |
|
| Back to top |
|
|
Sacles
Joined: 09 Nov 2007
Posts: 51
Location: Belgium (near Li?ge)
|
| Posted: Wed Sep 07, 2011 11:51 am Post subject: |
|
|
For testing, I have an account that gets a lot of spam.
After several years I have never seen a malware in an email.
Malware often hide in attachments (although I never met either).
The job of an anti-virus is blocking malware, including in the mail.
Personally, I use ESET NOD32. Needless to add yet another control |
|
| Back to top |
|
|
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
|
| Back to top |
|
|
nikkho
Joined: 06 Sep 2011
Posts: 8
|
| Posted: Wed Sep 07, 2011 6:04 pm Post subject: |
|
|
Getting malware in email, is not so common, but in my case, I would say I am getting about 1 a week. That is where an integrated solucion makes sense.
I am aware of TBClamAV plugin... In fact I am the author! Thank you for suggesting anyway. |
|
| Back to top |
|
|
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
| Posted: Wed Sep 07, 2011 8:02 pm Post subject: |
|
|
Thanks for the suggestion, Javier. I have some thoughts about the integrated solution:
- An antivirus engine needs regular updates of virus definitions. It can be an issue if a user runs TheBat rarely, and has no time to wait until the updates are downloaded. To resolve this it is necessary to install an antivirus checker as a dedicated service + antivirus plug-in in TheBat, i.e. just like with any other antivirus.
- The full featured antivirus with enabled real-time protection doesn't allow users to run the malicious executables attached to messages, and also protects the email client against any other kinds of infections. This is the most important advantage of a full antivirus versus a simple email scanner.
- TheBat implements a dedicated API for antivirus plug-ins, with additional features like curing or deleting the attached objects. So in any case it is necessary to implement the integration in a separate module, having different functionality and settings.
I think that the fully integrated solution has no value for the users, which already have some antivirus. A scanner like yours is useful for those who need only email scanner, i.e. advanced users. As your plug-in already covers their needs, I think that it is not necessary to implement the same for antispam module. |
|
| Back to top |
|
|
nikkho
Joined: 06 Sep 2011
Posts: 8
|
| Posted: Sun Sep 11, 2011 2:33 pm Post subject: |
|
|
Thank you very much for your detailed explanation and concerns vetaltm.
If keeping signatures updated is a concern, what about some kind of optional integration with online services such as VirusTotal (http://www.virustotal.com/advanced.html) just in the way other online services are used for spam checking?
It could be quite fast, considering that if the hash has already been analized and reported as malware, mark it as spam. |
|
| Back to top |
|
|
vetaltm
Author
Joined: 05 Feb 2006
Posts: 748
|
| Posted: Sun Sep 11, 2011 4:25 pm Post subject: |
|
|
VirusTotal API has restrictions:
- "it is limited to at most 20 requests of any nature in a given 5 minutes time frame."
- "The API must not be used in commercial products or services, it can not be used as a substitute for antivirus products and it can not be integrated in any project that may harm the antivirus industry directly or indirectly".
In fact the plug-in already checks the hashes of attached files and other content via online service - SpamNet. It includes the hashes of attachments and text of messages with spam, phishing or viruses. |
|
| Back to top |
|
|
nikkho
Joined: 06 Sep 2011
Posts: 8
|
| Posted: Sun Sep 11, 2011 5:39 pm Post subject: |
|
|
Good to know that SpamNet is able to deal with malware spam too.
I guess, that is what I was looking for initially! |
|
| Back to top |
|
|
|
FAQ
Search
Profile
Log in
Register
