So you say that both MessageSniffer and Cyren Antispam are practically useless?

And what do you think about Cyren Zero-Hour Antivirus?

If so, do you recommend disabling them all (since unfortunately they cost ...) and using something else better? If so, what?

Thanks in advance for your advice!

Same issue with Cyren giving confirmed scores to perfectly normal emails but blatant spam getting through. We use an external av engine, I don’t trust Cyren. 

so what do you recommend?

I have read that other users use an EFA appliance in front of SMARTERMAIL ...

What's your choice?

I'd actually give Cyren a re-evaluation. We just updated the Cyren engine which we had been using for years previously, we've noticed much better performance out of Cyren. The most recent update has these changes. No more MailService_Subprocess, it uses ctasd (Cyren's Daemon) now.

Note: The virus engine that Cyren uses specializes in new outbreaks. They don't keep a large db of signatures only recent and trending stuff. I would absolutely make sure you pair Cyren with something else monitoring the spool or ClamAV. 

    Cyren is setup to run after ClamAV, but before the command line if setup, could maybe change that.

Matt, we lost most of our eval of Cyren back when we had that stalling/crashing issue a bit back. Will have to wait to retest it when we get another eval period. 

Chris, I'll have our Sales Department get in contact with you about extending the eval period.

Robert, Thanks! Though, we thought the stalling / crashing was related to Cyren, turned out it wasnt, but we had it off for almost half the eval period.

Thanks Robert! Emily was able to get me going on a trial. Activated it and running Cyren alone. So far though, ~2500 messages and all of them have been "unknown", I find it hard to believe that out of 2500 emails, not 1 is confirmed, suspect or even bulk.

We've been noticing obvious spam emails getting through MessageSniffer recently as well. Normally they don't seem to be an issue but I've been getting them daily now. We're still on 15.7 though.

We have a theory about what is happening. We have recently moved away from Cyren's deprecated DLLs to their new standalone utility (like ClamAV uses).  If the IP it is using to check against is resolving to localhost or an internal IP it may cause Cyren's utility to report "Unknown".  We are further testing this and should have a solution.  This is related to the Cyren Unknown issue.

I use both Cyren Antispam and Message Sniffer and both find hundreds of SPAMs a day ...

Not many, something surely passes, but still they stop some SPAM.

But I don't know if they are more or less efficient than other systems, like an EFA appliance.

We are currently testing Rspamd. So far it’s working really well.

Hi Chris, thanks for the info.

I'm on the way to choose what to test (the candidates are Rspamd, EFA and ProxMox MailGateway).

I like to test Rspamd first, but any advice is welcome!