Alternatives to Cyren
Question asked by Ben Kiser - 9/14/2020 at 8:26 PM
Answered
Does anyone have any information on alternatives to Cyren and ClamAV anti-virus?  I am very disappointed in the performance of Cyren; we were recently slammed by emails with infected Word documents and our workstation anti-virus caught them but Cyren let them through.  I have to justify the expense for Cyren and I don't know if I can.

19 Replies

0
Cyren is technically "GARBAGE" because it seems to detect very few threats, but at least it helps a little...  It's your choice if it's worth the expense...

I use it because I think every little bit of help is better than nothing...

For better performance I suggest using ClamAV with additional signatures from Sanesecurity.

If it helps you, here are my freshclam.conf settings:

DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
UpdateLogFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\log\freshclam.log
PidFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\freshclam.pid
AllowSupplementaryGroups yes
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 24
NotifyClamd C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\etc\clamd.conf

DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfopdf.hdb


0
Matthew Titley Replied
I, too, became disappointed with Cyren performance for the exact reasons you stated and switched to an SMTP gateway device to scan for viruses and malware prior to hitting SmarterMail. I wasn't terribly impressed with ClamAV performance either.
0
Ben Kiser Replied
I'll definitely try using the additional signatures in ClamAV and see if that helps, if not we will definitely look into adding an SMTP gateway device.
1
Ronald Raley Replied
Review the graphs in your solution before pulling the plug.

I agree that Cyren should improve. But when you go fishing, you can never catch ALL the fish.

Ron
0
Ben Kiser Replied
Gabriele,

I updated my freshclam.conf file and ran the signature update and I get a "Not supported protocol" error.  With a little research I determined this is because the ClamAV bundled with Smartermail does not support HTTPS.  Is there a way of updating the ClamAV, is it automatically updated with the Smartermail update?  Any help would be great.

Thank you,

Ben
0
Ben, do you have a subscription to SaneSecurity and did you replace the string "X_your_key_here_X" with your subscription key?

It definitely has to work...
0
Heimir Eidskrem Replied
Gabriele,
Thank you for sharing your settings and info.

Trying out the SecuriteInfo signatures now.



0
David Fisher Replied
Marked As Answer
Gabriele,

  AFAIK, SaneSecurity and SecuriteInfo are two separate companies; the URLs you gave are for SecuriteInfo, which has a free license key, you just have to register.

0
Ben Kiser Replied
Signed up at securiteinfo.com and was able to get the key and update the signatures in ClamAV.  I did have to change from HTTPS to HTTP because the version of ClamAV in my install does not support HTTPS.  Can that be updated without having to update to the latest Smartermail version?

Thank you,

Ben
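
A check for the HTTPS-to-HTTP change described in the post above, as an added example that is not part of the thread or of ClamAV: it reads a freshclam.conf and flags `DatabaseCustomURL` entries that still carry the placeholder key, that download over cleartext HTTP (the account key sits in the URL path), or that are listed twice. The sample configuration, the key `EXAMPLEKEY0000` and the function name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed freshclam.conf fragment modelled on the settings posted in this thread.
# EXAMPLEKEY0000 is a made-up key, not a real SecuriteInfo credential.
SAMPLE_CONF = """\
DatabaseMirror database.clamav.net
Checks 24
# DatabaseCustomURL https://example.invalid/commented-out.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfo.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/EXAMPLEKEY0000/javascript.ndb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/EXAMPLEKEY0000/javascript.ndb
"""

PLACEHOLDER = "X_your_key_here_X"  # literal string used in the posted settings


def audit_custom_urls(conf_text):
    """Return (line_number, issue) for every risky DatabaseCustomURL entry."""
    findings, seen = [], set()
    for n, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "DatabaseCustomURL":
            continue  # comments, blank lines and other directives
        url = parts[1].strip()
        if PLACEHOLDER in url:
            findings.append((n, "placeholder key not replaced"))
        if urlsplit(url).scheme.lower() == "http":
            # The key and the signature file both cross the network unprotected.
            findings.append((n, "cleartext download exposes key and signatures"))
        if url in seen:
            findings.append((n, "duplicate entry"))
        seen.add(url)
    return findings


if __name__ == "__main__":
    for lineno, issue in audit_custom_urls(SAMPLE_CONF):
        print(f"line {lineno}: {issue}")
```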
0
David, you are right! Sorry...
1
Patrick Kraus Replied
Clam AV as it comes with Smartermail is basically a waste of time and Cyren was too expensive. We are based in South Africa and the exchange rate just kills us unfortunately. We have tried many things but what worked best for us was to install ESET File Security for Microsoft Windows Server and then activate Command Line Anti-Virus in Smartermail with the below command.

C:\Program Files\ESET\ESET Security\ecls.exe /base-dir="C:\Program Files\ESET\ESET Security\Modules" /aind /arch /sfx /adware /clean-mode=Delete %FILEPATH

You can also include the below to add the scan log. You can then check the log and make sure the mails are being scanned correctly as each scan is recorded.

/log-file=PATH TO YOUR LOG FILE HERE

The price for the software is very reasonable (about $40 - $50 per year) and apart from providing general security for your server it also does a good job of catching viruses and phishing mails.

Naturally, nothing is perfect but with the above solution and some beefed up RBLs we are doing much better than before.

Good luck, hope it helps.
0
Matthew Titley Replied
Patrick, question for you regarding your command line solution. Would you post here an estimate of daily SMTP volume or number of users your solution supports? We have about 500 users or so. Does the ESET command line scanner "keep up" sufficiently with the spool? I suppose you exclude the spool directory from the real time scanner. Thanks for any additional info.
0
Patrick Kraus Replied
Hi Matthew. Currently we have 547 active users and send and receive around 15,000 emails per day. The command line scanner appears to keep up with the spool and we have not seen any delays or the spool backing up in any way. CPU and memory usage is also unaffected. From the below logs it looks like the mails are scanned as soon as they hit the spool.

Below are 2 scan logs from the log file. The start and end times are basically identical indicating that the scan is less than a second.

A lot of ESET resellers offer a 2 week trial of the software. This is how we evaluated it before making a decision.


ECLS Command-line scanner, version 7.1.12010.0, (C) 1992-2020 ESET, spol. s r.o.
Module loader, version 1021 (20200218), build 1061
Module perseus, version 1565.1 (20200907), build 2140
Module scanner, version 22005 (20200917), build 46828
Module archiver, version 1306 (20200803), build 1340
Module advheur, version 1202 (20200730), build 1193
Module cleaner, version 1213 (20200804), build 1330
Module augur, version 1075 (20200911), build 1076

Command line: /base-dir=C:\Program Files\ESET\ESET Security\Modules /aind /arch /sfx /adware /log-file=C:\maillog.txt /clean-mode=Delete c:\SmarterMail\Spool\SubSpool8\152930454.eml

Scan started at:   Thu Sep 17 17:08:34 2020

Scan completed at: Thu Sep 17 17:08:34 2020
Scan time:         0 sec (0:00:00)
Total:             files - 1, objects 8
Detected:          files - 0, objects 0
Cleaned:           files - 0, objects 0


ECLS Command-line scanner, version 7.1.12010.0, (C) 1992-2020 ESET, spol. s r.o.
Module loader, version 1021 (20200218), build 1061
Module perseus, version 1565.1 (20200907), build 2140
Module scanner, version 22005 (20200917), build 46828
Module archiver, version 1306 (20200803), build 1340
Module advheur, version 1202 (20200730), build 1193
Module cleaner, version 1213 (20200804), build 1330
Module augur, version 1075 (20200911), build 1076

Command line: /base-dir=C:\Program Files\ESET\ESET Security\Modules /aind /arch /sfx /adware /log-file=C:\maillog.txt /clean-mode=Delete c:\SmarterMail\Spool\SubSpool9\152930455.eml

Scan started at:   Thu Sep 17 17:08:43 2020

Scan completed at: Thu Sep 17 17:08:43 2020
Scan time:         0 sec (0:00:00)
Total:             files - 1, objects 2
Detected:          files - 0, objects 0
Cleaned:           files - 0, objects 0
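
Added example (not part of the post above and not ESET's own tooling): a Python parser for log entries in the layout shown above that flags scans with no completion line, scans longer than a threshold, and detections that were not cleaned. The sample log is constructed (module lines omitted; the second and third entries are invented), and the 5-second threshold and function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log entries posted above.
# Entry 2 (slow, uncleaned detection) and entry 3 (truncated) are invented.
SAMPLE_LOG = r"""
ECLS Command-line scanner, version 7.1.12010.0, (C) 1992-2020 ESET, spol. s r.o.
Command line: /base-dir=C:\Program Files\ESET\ESET Security\Modules /aind /clean-mode=Delete c:\SmarterMail\Spool\SubSpool8\152930454.eml
Scan started at:   Thu Sep 17 17:08:34 2020
Scan completed at: Thu Sep 17 17:08:34 2020
Detected:          files - 0, objects 0
Cleaned:           files - 0, objects 0
ECLS Command-line scanner, version 7.1.12010.0, (C) 1992-2020 ESET, spol. s r.o.
Command line: /base-dir=C:\Program Files\ESET\ESET Security\Modules /aind /clean-mode=Delete c:\SmarterMail\Spool\SubSpool9\000000001.eml
Scan started at:   Thu Sep 17 17:09:01 2020
Scan completed at: Thu Sep 17 17:09:09 2020
Detected:          files - 1, objects 1
Cleaned:           files - 0, objects 0
ECLS Command-line scanner, version 7.1.12010.0, (C) 1992-2020 ESET, spol. s r.o.
Command line: /base-dir=C:\Program Files\ESET\ESET Security\Modules /aind /clean-mode=Delete c:\SmarterMail\Spool\SubSpool9\000000002.eml
Scan started at:   Thu Sep 17 17:09:12 2020
"""

def _find(pattern, chunk, cast=str):
    m = re.search(pattern, chunk, re.MULTILINE)
    return cast(m.group(1)) if m else None

def parse_ecls_log(text):
    """Return one dict per scan, splitting the log on the scanner banner."""
    when = lambda s: datetime.strptime(s.strip(), "%a %b %d %H:%M:%S %Y")
    return [{
        "target": _find(r"^Command line: .*?(\S+\.eml)\s*$", chunk),
        "start": _find(r"^Scan started at:\s+(.+)$", chunk, when),
        "end": _find(r"^Scan completed at:\s+(.+)$", chunk, when),
        "detected": _find(r"^Detected:.*objects (\d+)", chunk, int),
        "cleaned": _find(r"^Cleaned:.*objects (\d+)", chunk, int),
    } for chunk in re.split(r"(?m)^ECLS Command-line scanner", text)[1:]]

def review(records, max_seconds=5):
    """Flag scans that never finished, ran slowly, or left a detection uncleaned."""
    findings = []
    for r in records:
        if r["end"] is None:  # no completion line: the message may not have been scanned
            findings.append((r["target"], "incomplete scan entry"))
        elif (r["end"] - r["start"]).total_seconds() > max_seconds:
            findings.append((r["target"], "slow scan"))
        if r["detected"] and r["detected"] > (r["cleaned"] or 0):
            findings.append((r["target"], "detection not cleaned"))
    return findings
```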
2
I really think that SmarterTools needs to avoid the CYREN partnership and find a better partner for AV scanning and antispam filtering.

Then, when a better option is available, CYREN needs to be removed from SmarterTools.

Even MessageSniffer seems to be a good filter too...

Is there anyone from Smartertools that wants to say a word about it?
0
Matthew Titley Replied
Hi Patrick, very kind of you to provide all that info. Thanks again. I think I'll give it a go as a second or third line of defense.
1
David Fisher Replied
Gabriele,

  Back in December 2019, a now former employee of SmarterTools wrote the following to you :

Cyren Zero-hour is a service that provides protection in the earliest moments of malware outbreaks and continued protection as each new variant emerges. This service is intended to be used as a complement to conventional antivirus technology as an additional protection against zero-hour virus outbreaks. Because Cyren looks for new variants of malware, we unfortunately can't guarantee that existing viruses should be caught by that service.

Cyren Zero-hour should always be used in conjunction with another antivirus solution such as ClamAV.


  It seems it is only catching things other A/V wouldn't typically catch, which I think is dumb for the price; it should be a one and all solution for A/V.

Regards,
-dave
1
Matthew Titley Replied
David, yeah, that does sound really dumb and a ready-made excuse for when ransomware gets through. "If only it was a zero-hour threat rather than a zero-day threat our product would have protected you."
1
Ronald Raley Replied
It would definitely be beneficial for SmarterTools to partner with more reliable spam killing providers.

Ron
0
Francis Wurtz Replied
Hello everyone, I have installed ESET File Security for Windows Server to use the command line option as suggested in this thread. I added the option "/log-file=L:\esetlog.txt" (L: is my disk dedicated to log files) and the processing of the files seems to be working fine.

However, I am wondering about the correct configuration of my installation of ESET File Security on the server:

After the standard installation, I added the following folders in the ESET folder exclusions:
  • C:\Program Files (x86)\Smartertools
  • E:\ (which contains the spools folders, and all the email account folders)
  • L:\ (which contains all the Smartermail log files)

I also added the following services to the process exclusions:
  • C:\Program Files (x86)\Smartertools\services\Mailservice.exe
  • C:\Program Files (x86)\Smartertools\services\clam\bin64\ClamD.exe

Do you see a problem letting all ESET protection services run on the rest of the server or do you recommend that I disable all ESET services running in the background? Has anyone put together a clear procedure on how to configure ESET File Security to work smoothly with Smartermail?

Should I also deactivate ClamAV in Smartermail?

Thanks in advance!
