On one of our RHEL5 servers running Ensim, we noticed after the last big update of RHEL using 'yum update' that MailScanner was capped out, using tons of our CPU power. In the past, when this has happened, I have usually found it is ClamAV acting up. However, on this server we were using a free version of f-prot. I took a chance and purchased the latest, greatest mail server version of f-prot and installed it. Bingo, the problem went away.
Why f-prot? It works and it is easier on the server. I have noticed that the server load with f-prot is noticeably lower than when using ClamAV.
Once the new version of f-prot was properly installed, I wanted to test that it worked as it should. A friend suggested that, to test the virus scanner, I should put it to a real-world test using one of Declude.com's free tools.
This test would actually send an email to my server with a file that was made to get caught by anti-virus filters.
The test worked well; too bad my anti-virus f-prot filter didn't. After a quick check I realized I had not modified one path in my MailScanner rules file to point to the new f-prot location. After I fixed that, I ran the test again, and sure enough, my anti-virus filter was working as it should.
Lesson learnt? Never assume your new software works, test it!