2
declude, how to and why not?
Question asked by Howard Chang - March 27, 2015 at 8:19 AM
Unanswered
Hi all
 
We have been struggling with antivirus solutions lately, we used ESET file security before until two days ago it brings out plesk 12 's MySQL down all of sudden, so we have to uninstall it
 
We now only have clamAV embedded with SM with some RBL enabled, I did do some researches and find that declude seems a nice solution but it seems not many ppl are using it?
 
I know we could install declude from mailsbestfriend
 
but after installation, how to apply those "configuration files"?
 
If you do apply and you see that from mailsbestfriend.com/downloads/Configs/Virus.cfg , declude use clamAV and "F-Prot" to scan virus only? since clamAV is not working well lately, does that mean that we "had better" buy  and install F-Prot TOO?
 
sorry for so many questions!
 
cheers
 
Howard
 
 
 

6 Replies

Reply to Thread
0
Bruce Barnes Replied
March 27, 2015 at 8:21 AM
See my post at:
 
 
Many users use that document as the basis for their antispam measures.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Howard Chang Replied
March 27, 2015 at 8:56 AM
Hi Bruse, it is a nice article! may I have one question that I think SM professional also support TLS/SSL fine?
 
and I am looking for more suggestions on ant-ivirus part too
1
Bruce Barnes Replied
March 27, 2015 at 9:12 AM
Yes, SmarterMail Professional also supports TLS/SSL, so long as you have a valid certificate, it is properly installed in the server's certificate store, with all of the supporting certificates (either 2 or 3 additional certs, depending on the cert issuer), and you have properly exported the SmarterMail certificate and mapped it to the SSL and TLS ports when they are setup.
 
Finally, remember that SSL is now fully DEPRECIATED and no longer used.  It should be completely disabled in your SERVER's registry.  (Here's a link describing that issue and process: https://portal.smartertools.com/community/a2497/broken-smartermail-ui-after-upgrade-to-13_3.aspx)
 
While encryption certificates are still commonly referred to as "SSL certificates," in reality, the only encryption protocol now supported is TLS.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Howard Chang Replied
March 27, 2015 at 9:58 AM
thanks again, I have done reading your DOC, it really helps a lot, highly recommended!
 
Also, could someone share antivirus+declude experiences on my original question?
 
thanks!
0
Scarab Replied
March 27, 2015 at 10:16 AM
Declude can still be immensely useful in controlling Spam. We use it on our servers in addition to many suggestions that Bruce gives in his Anti-Spam document. It gives a lot of flexibility to fine-tune how you detect and handle Spam (and Ham to reduce false-positives). We also use it for our own custom Filters and home-made RBLs. 
 
The downside to Declude is that it does require configuration. In addition to the .CFG files (Declude, Global, Hijack, Virus, etc) many of the Filters (.TXT files) need manual configuration as well to tailor them to your specific needs.
 
The other downside to Declude is that it is a CPU Resource hog, and it is not unusual for it to stay at a steady 99% CPU (no matter how much horsepower you have it will use all that is available to it). I would strongly recommend not running it on the same Mail server that is providing Web Services/POP/IMAP/SMTP to your customers, but using it with a SmarterMail Free Edition on a separate server as an Incoming Gateway.

Lastly, you need to actively monitor your \Spool\Proc folder with a Scheduled Task and script. During high volumes of incoming email (Spam Storms such as before Black Friday/Cyber Monday, Valentine's Day, and Mother's Day) it is not unusual for Declude to fall behind, causing a long delay in email being returned to the Spool for delivery (sometimes a several hour delay). When the \Spool\Proc folder gets too many messages queued we have a script that automatically moves everything to the Spool, skipping Declude checks until the mail load returns to normal. It only happens 3-4 times a year but it's enough to cause concern.

With those caveats in mind, we find Declude to still be very useful despite development being non-existent. It gives flexibility that is still not available in Smartermail and still is a useful tool in fighting Spam. 
0
Linda Pagillo Replied
March 30, 2015 at 7:28 AM
Hi Howard. I wanted to chime in here. The combo of Declude, Message Sniffer from Arm Research and correct configuration of the Smartermail anti-spam settings has been proven to be an extremely effective combo in the ongoing battle with spam and viruses. If you have any questions about Declude, Sniffer or any other anti-spam/anti-virus software, please feel free to ask.
Linda Pagillo
Mail's Best Friend
Email: linda.pagillo@mailsbestfriend.com
Web: www.mailsbestfriend.com

Reply to Thread