2
declude, how to and why not?
Question asked by Howard Chang - 3/27/2015 at 8:19 AM
Unanswered
Hi all
 
We have been struggling with antivirus solutions lately, we used ESET file security before until two days ago it brings out plesk 12 's MySQL down all of sudden, so we have to uninstall it
 
We now only have clamAV embedded with SM with some RBL enabled, I did do some researches and find that declude seems a nice solution but it seems not many ppl are using it?
 
I know we could install declude from mailsbestfriend
 
but after installation, how to apply those "configuration files"?
 
If you do apply and you see that from mailsbestfriend.com/downloads/Configs/Virus.cfg , declude use clamAV and "F-Prot" to scan virus only? since clamAV is not working well lately, does that mean that we "had better" buy  and install F-Prot TOO?
 
sorry for so many questions!
 
cheers
 
Howard
 
 
 

13 Replies

Reply to Thread
0
Bruce Barnes Replied
See my post at:
 
 
Many users use that document as the basis for their antispam measures.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Howard Chang Replied
Hi Bruse, it is a nice article! may I have one question that I think SM professional also support TLS/SSL fine?
 
and I am looking for more suggestions on ant-ivirus part too
1
Bruce Barnes Replied
Yes, SmarterMail Professional also supports TLS/SSL, so long as you have a valid certificate, it is properly installed in the server's certificate store, with all of the supporting certificates (either 2 or 3 additional certs, depending on the cert issuer), and you have properly exported the SmarterMail certificate and mapped it to the SSL and TLS ports when they are setup.
 
Finally, remember that SSL is now fully DEPRECIATED and no longer used.  It should be completely disabled in your SERVER's registry.  (Here's a link describing that issue and process: https://portal.smartertools.com/community/a2497/broken-smartermail-ui-after-upgrade-to-13_3.aspx)
 
While encryption certificates are still commonly referred to as "SSL certificates," in reality, the only encryption protocol now supported is TLS.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Howard Chang Replied
thanks again, I have done reading your DOC, it really helps a lot, highly recommended!
 
Also, could someone share antivirus+declude experiences on my original question?
 
thanks!
0
Scarab Replied
Declude can still be immensely useful in controlling Spam. We use it on our servers in addition to many suggestions that Bruce gives in his Anti-Spam document. It gives a lot of flexibility to fine-tune how you detect and handle Spam (and Ham to reduce false-positives). We also use it for our own custom Filters and home-made RBLs. 
 
The downside to Declude is that it does require configuration. In addition to the .CFG files (Declude, Global, Hijack, Virus, etc) many of the Filters (.TXT files) need manual configuration as well to tailor them to your specific needs.
 
The other downside to Declude is that it is a CPU Resource hog, and it is not unusual for it to stay at a steady 99% CPU (no matter how much horsepower you have it will use all that is available to it). I would strongly recommend not running it on the same Mail server that is providing Web Services/POP/IMAP/SMTP to your customers, but using it with a SmarterMail Free Edition on a separate server as an Incoming Gateway.

Lastly, you need to actively monitor your \Spool\Proc folder with a Scheduled Task and script. During high volumes of incoming email (Spam Storms such as before Black Friday/Cyber Monday, Valentine's Day, and Mother's Day) it is not unusual for Declude to fall behind, causing a long delay in email being returned to the Spool for delivery (sometimes a several hour delay). When the \Spool\Proc folder gets too many messages queued we have a script that automatically moves everything to the Spool, skipping Declude checks until the mail load returns to normal. It only happens 3-4 times a year but it's enough to cause concern.

With those caveats in mind, we find Declude to still be very useful despite development being non-existent. It gives flexibility that is still not available in Smartermail and still is a useful tool in fighting Spam. 
0
W. T. Leaver Replied
I second the continued use of declude! We're using it *instead* of spamassassin and without any of the SmarterMail built-in RBL/URIBL features. We also run Message Sniffer via declude and it's quite simply the most awesome spam filtering system we've ever seen--beats gmail's filtering easily.
0
W. T. Leaver Replied
Oh and Gauntlet from mailsbestfriend.com helps too.
0
Joe Burkhead Replied
W. Troy Leaver, would you be willing to share details of your configuration? We currently use Bruce's document detailing antispam configuration, but find that we still get too much spam coming through to our end users. I know virtually nothing about declude, gauntlet, etc...any help you could give would certainly be appreciated!
0
Linda Pagillo Replied
Hi Howard. I wanted to chime in here. The combo of Declude, Message Sniffer from Arm Research and correct configuration of the Smartermail anti-spam settings has been proven to be an extremely effective combo in the ongoing battle with spam and viruses. If you have any questions about Declude, Sniffer or any other anti-spam/anti-virus software, please feel free to ask.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
W. T. Leaver Replied
Joe, I'd be happy to help out. However, if you really want a powerful spam filtering setup you need to be prepared to spend about $41.00/month on message sniffer per server--it's part of what is working so well for us. The lowest price a message sniffer reseller (we are one) can sell it is in the $41/month range. But yes I'm happy to provide our configuration or even help you get everything installed and configured. I'm not sure I see a way to contact you offline from this system though...
0
Joe Burkhead Replied
Troy, you can reach me through email at joeb at swissvillage dot org.
0
Debby Coutinho Replied
we use spamassasin in a box, declude and smartermails settings and we have our spam relatively resolved every now and then we see a mail sneak through but a tweak on the declude rules resolves this. We dont see declude running at 99% we see it peak up to max of about 30
% at peak times, but maybe its dependant on the number of mails per hour.
0
Francis Gibbons Replied
Can someone please share Declude settings for smartermail 15.x. I just installed the latest version of Declude but don't have any basic settings to implement. Thanks, Frank

Reply to Thread