Cyren it's technically "GARBAGE" because it seems to detect very few threats, but at least it helps a little...  It's your choice if it's worth the expense...

I use it because I think every little help it's better than nothing...

For better performance I suggest to use ClamAV with additional signatures from Sanesecurity.

If it helps you, here are my freshclam.conf settings:

DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
UpdateLogFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\log\freshclam.log
PidFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\freshclam.pid
AllowSupplementaryGroups yes
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 24
NotifyClamd C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\etc\clamd.conf

DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/X_your_key_here_X/securiteinfopdf.hdb

I, too, became disappointed with Cyren performance for the exact reasons you stated and switched to an SMTP gateway device to scan for viruses and malware prior to hitting SmarterMail. I wasn't terribly impressed with ClamAV performance either.

I'll definitely try using the additional signatures in ClamAV and see if that helps, if not we will definitely look into adding an SMTP gateway device.

Review the graphs in your solution before pulling the plug.

I agree that Cyren should improve. But when you go fishing, you can never catch ALL the fish.

Ron

Gabriele,

I updated my freshclam.conf file and ran the signature update and I get a "Not supported protocol" error.  With a little research I determined this is because the ClamAV bundled with Smartermail does not support HTTPS.  Is there a way of updating the ClamAV, is it automatically updated with the Smartermail update?  Any help would be great.

Thank you,

Ben

Ben, do you have a subscription to SaneSecurity and did you change the string "X_your_key_here_X" with your subscription key?

It definitely have to work...

Gabriele,

Thank you for sharing your settings and info.

Trying out the secureinfo signatures now.  

Signed up at securiteinfo.com and was able to get the key and update the signatures in ClamAV.  I did have to change from HTTPS to HTTP because the version of ClamAV in my install does not support HTTPS.  Can that be updated without having to update to the latest Smartermail version?

Thank you,

Ben

David, you are right! Sorry...

Clam AV as it comes with Smartermail is basically a waste of time and Cyren was too expensive. We are based in South African and the exchange rate just kills us unfortunately. We have tried many things but what worked best for us was to install ESET File Security for Microsoft Windows Server and then activate Command Line Anti-Virus in Smartermail with the below command.

C:\Program Files\ESET\ESET Security\ecls.exe /base-dir="C:\Program Files\ESET\ESET Security\Modules" /aind /arch /sfx /adware /clean-mode=Delete %FILEPATH

You can also include the below to add the scan log. You can then check the log and make sure the mails are being scanned correctly as each scan is recorded.

/log-file=PATH TO YOUR LOG FILE HERE

The price for the software is very reasonable (about $40 - $50 per year) and apart form providing general security for your server it also does a good job of catching viruses and phishing mails.

Naturally, nothing is perfect but the above solution with some beefed up RBL's and we are doing much better than before.

Good luck, hope it helps.

Patrick, question for you regarding your command line solution. Would you post here an estimate of daily SMTP volume or number of users your solution supports? We have about 500 users or so. Does the ESET command line scanner "keep up" sufficiently with the spool? I suppose you exclude the spool directory from the real time scanner. Thanks for any additional info.

Hi Matthew. Current we have 547 active users and send and receive around 15,000 emails per day. The command line scanner appears to keep up with the spool and we have not seen any delays or the spool backing up in any way. CPU and memory usage is also unaffected. From the below logs it looks like the mails are scanned as soon as they hit the spool.

Below are 2 scan logs from the log file. The start and end times are basically identical indicating that the scan is less than a second.

Alot of ESET resellers offer a 2 week trial of the software. This is how we evaluated it before making a decision.

I really think that SmarterTools need to avoid CYREN partnership and find a better partner for AV Scanning anda Antispam filtering.

Then, when a better option is available, CYREN need to be removed from SmarterTools.

Even MessageSniffer seems to be a good filter too...

Is there anyone from Smartertools that wants to say a word about it?

Hi Patrick, very kind of you to provide all that info. Thanks again. I think I'll give it a go as a second or third line of defense.

Gabriele,

  Back in December 2019, a now former employee of SmarterTools wrote the following to you :

Cyren Zero-hour is a service that provides protection in the earliest moments of malware outbreaks and continued protection as each new variant emerges. This service is intended to be used as a complement to conventional antivirus technology as an additional protection against zero-hour virus outbreaks. Because Cyren looks for new variants of malware, we unfortunately can't guarantee that existing viruses should be caught by that service.

Cyren Zero-hour should always be used in conjunction with another antivirus solution such as ClamAV.

  It seems it only catching things other A/V wouldn't typically catch, which I think is dumb for the price, it should be a one and all solution for A/V.

Regards,

-dave

David, yeah, that does sound really dumb and a ready-made excuse for when ransomware gets through. "If only it was a zero-hour threat rather than a zero-day threat our product would have protected you."

It would defintiely beneficial for SmarterTools to partner with more reliable spam killing providers.

Ron

Hello everyone, I have installed ESET File Security for Windows Server to use the command line option as suggested in this thread. I added the option "/log-file=L:\esetlog.txt" (L: is my disk dedicated to log files) and the processing of the files seems to be working fine.

However, I am wondering about the correct configuration of my installation of ESET File Security on the server:

After the standard installation, I added the following folders in the ESET folder exclusions:

I also added the following services of the exclusions process:

Do you see a problem letting all ESET protection services run on the rest of the server or do you recommend that I disable all ESET services running in the background? Has anyone put together a clear procedure on how to configure ESET File Security to work smoothly with Smartermail?

Should I also deactivate ClamAV in Smartermail?

Thanks in advance!

Hi Francis, we have turned on the automatic exclusions function which will scan your server and look for any obvious exclusions. We then also added the below smartermail paths in.

C:\SmarterMail\*.*

C:\Program Files (x86)\SmarterTools\*.*

The command line scanner will scan mail in the spool which is all we want it to do.

Hello to everyone!!!

As suggested by Patrick, I'm Eset File Security to scan incoming E-Mails (I'm using the same configuration Patrick suggested, with LOG FILE ).

Ten days now and it seems that Eset never catch a virus (Every mail has "Detected:          files - 0, objects 0" and "Cleaned:           files - 0, objects 0 " in thew log file), but both Cyren ZeroDay and ClamAV have detected viruses...

Something as 170000 mail scanned...

It seems to me that Cyren ZeroDay+ClamAV with Securiteinfo definitions are doing a good job...

Allmost all the work is done by ClamAV, Cyren probably has few merits ...

I didn't even know third-party virus definitions existed for ClamAV until this thread.  Perhaps I was living under a rock.  Anyway, thank you.  I subscribed to securiteinfo.com so I could test it out with the best zero-hour malware definitions.  Immediately, I started getting SPAM caught in the Virus quarantine.

I have removed https://www.securiteinfo.com/get/signatures/X_your_key_here_X/spam_marketing.ndb from my freshclam.conf and will know shortly if that helps.

I'm curious, though, if there is a way to have ClamAV mark messages identified as matching https://www.securiteinfo.com/get/signatures/X_your_key_here_X/spam_marketing.ndb definitions not as infected with a virus, where SmarterMail will quarantine or delete them, but instead mark it in a way as that it could be processed against Antispam rules.  If ClamAV could modify the message and inject a header, then Settings -> Antispam -> Spam Checks could look for that header and assign a weight to it and I could use these SPAM definitions in ClamAV to find and detect Junk.  Since detecting here blocks the message and some of our accounts have Junk Mail filtering disabled completely, I cannot use these in their current form.

Dave

I did tried with Cyren and Message sniffer, same result :(

Today after 20 days of ESET test I will remove this software...

Over 400.000 mail scanned, not a single virus found.

Cyren Zero Hour find 2-20 virus per day

ClamAV with SecureInfo definition find about 30-40 virus per day

Hi,

I'm using Kaspersky Endpoint Security

"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" SCAN %filepath  /R:C:\VirusReport\ReportScan.txt

Since adding the SecureInfo definitions to ClamAV the viruses caught has gone way up.  In the past week Cyren has caught 5, ClamAV has caught 90.  I would highly recommend anyone to use their definitions.

HI Manuel Martins,

are you getting along well with Kaspersky?

Did you do any particular configurations?

Thank you very much

Mark

Hi Mark,

Yes, for now i think its more efficient than Clam and Cyren together.

Just install KES with minimum settings, no firewall, no network treath, no email check, etc..

After install you may disable "File Threat" for the disk drive where you have Smartermail Domains not to harm Smartertools perfomance.

Smartermails Delivery Delay must be at least 30-40 secounds for the Antivirus to act.

Now i'm using this command to check Smartertools Spool files, 

The "/i4" option deletes the file in case of infection detected ( no desinfection ). 

The "/R" option generates a .TXT report file per day.

I like all of these anti-virus solutions.  However, I feel like using 3rd party tools and changing e-mail delay settings are a "duct tape fix."

The most popular anti-virus tools should be built-in to the SmarterMail package, such as ClamAV.  I hope to see this in their roadmap.  If SmarterTools would chime in on this thread, we would be thankful.

Just a thought.

HI Manuel Martins, 

Thank you for your response and experience with Kaspersky

I also have another question: using an external antivirus, when a virus is detected a notification is sent to the sender and recipient?

Hi Mark, 

Sorry but No. 

And I think that neither Clam neither Cyren do that kind of action...

Hi Manuel ,

Hi,

I'm glad to annouce that after update our server to Build 7593 at 2 days ago, now Clam efficiency has improved a lot.!

We have also recently noticed ClamAV working much much better in grabbing malicious junk!

Ron