Topic: 8.1: Replacing ClamAV with Kaspersky Anti-Virus for Linux File Server

[Michail Pappas]

Well the subject says it all. Got a number of license keys for Kaspersky Endpoint Security, that include Kaspersky Anti-Virus for Linux File Server as an applicable product. So I was wondering whether it would be possible to replace ClamAV with Kaspersky.

Searched around but the threads I found were rather old. Same on wiki.

Does anyone have a working, production or test 8.1 setup using Kaspersky Antivirus? Any information will be appreciated.

EDIT: Posted this in the wrong subforum, would appreciate if an admin could move it to its proper position.

[filippoc]

KAV Linux Files Server works using predefined jobs to scan the filesystem.
Clamav has a client-server model to submit files to scan to a daemon.

Clamav on SME is used for two different jobs:
1. daily/weekly scan of the filesystem
2. scan of email

KAV is ready for 1, but to scan email you should create and run a job on every mail. If possible at all, I think it would be hard to adapt sme and kav.

To scan email, the product is KLMS, but it supports postfix (I didn't check if it could be used with qmail).

[Michail Pappas]

Thank you for your prompt reply.

2. scan of email

KAV is ready for 1, but to scan email you should create and run a job on every mail. If possible at all, I think it would be hard to adapt sme and kav.

Pity, this is what I was looking for...

In any case, thank you for your time and informative answer.

[Stefano]

Michail, apart from license, have you any other (good) reason to wish to move from Clamav to KAV?

[Michail Pappas]

Detection rates are extremely poor, compared to Kaspersky. A lot of viruses pass through, only to be caught by the Kaspersky AV software running on the clients. Plus, most of AVs now (kaspersky included) offer improved 0-day coverage through detection from the cloud.

[Stefano]

Detection rates are extremely poor

any evidence? clamav is widely used by big ISPs too..

[Michail Pappas]

Not any really, just a feeling. My statement was made mostly in the context of 0-day threats, where ClamAV is quite slow to respond.

EDIT: With regard to ClamAV usage from ISPs etc, I believe that it is pretty good in handling in-the-wild viruses. Plus, it is free, a huge advantage for ISPs to cut down costs.

An interesting read (by no means scientific though): http://blog.dynamoo.com/2013/10/an-informal-anti-virus-comparison.html

[mmccarn]

Does Kaspersky Endpoint Security include Kaspersky Security for Linux Mail Server?

It looks like you can install Kaspersky Mail Gateway (Anti-Virus only) on a separate server, or possibly on your SME using separate ports -- and configure it to filter email in front of qpsmtpd on the SME server.

[Knuddi]

Hi Michail,

If you can share a license key, then I would be interested in making a qpsmtpd plugin that would scan mails using Kapersky - interested?

/Jesper

[Michail Pappas]

Does Kaspersky Endpoint Security include Kaspersky Security for Linux Mail Server?

It looks like you can install Kaspersky Mail Gateway (Anti-Virus only) on a separate server, or possibly on your SME using separate ports -- and configure it to filter email in front of qpsmtpd on the SME server.

I do not have a license for the Mail Gateway product unfortunately. Only for Endpoint Security:Select, which does include the afore-mentioned "Anti-Virus for Linux File Server" product.

If you can share a license key, then I would be interested in making a qpsmtpd plugin that would scan mails using Kapersky - interested?

Thank you for the kind offer. Unfortunately we have a single key for the entire 170 systems of ours, so sharing it with a third party would be an issue, even if the end justifies the means Again, thank you though for offering to help!

[filippoc]

If you can share a license key, then I would be interested in making a qpsmtpd plugin that would scan mails using Kapersky - interested?

You could probably ask one to your local distributor. Mine is expired, sorry (was time limited, issued by a local distributor to let me develop integration in our distro).

[Michail Pappas]

Apologies for bumping a very old thread, but it was the better way to both contact Knuddi, as well as make known my wish for having Kaspersky as an alternative mail client.

Hi Michail,

If you can share a license key, then I would be interested in making a qpsmtpd plugin that would scan mails using Kapersky - interested?

Jesper, I could arrange perhaps for you to get a test, time-limited license. If you are still interested in pursuing this of course

This is the 8.1 forum, but do presume that it is the production 9.X we are talking about implementing this.