LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Eric Thomas <[log in to unmask]>
Thu, 10 Oct 2002 00:40:54 +0200
> I was rather hoping that F-Secure might update itself, especially when the
> jump was from one minor revision to another (ie: 5.30 to 5.40 - assuming
> that is a "minor revision" in their scheme of numbering).

I installed 5.40 over 5.30 many times, both manually and through the central management console in their Enterprise product suite, and it worked as you would expect, upgrading the previous version. The only "gotcha" is that it overwrites the AV databases, so they are outdated immediately after the update. By default, F-Secure looks for AV database updates after a reboot and then every hour, so the databases are updated as soon as you reboot after the installation. What could have happened is that your old Backweb did not install correctly for some reason. I am not personally familiar with it as I use the Enterprise version. The only difference is that you have a central copy of Backweb from which all the computers at your site update themselves, and a management console from which you can produce reports, set policies (eg people in department such and such are not allowed to disable the virus scanner), update remote computers, etc. Otherwise it is the same code. We have of course tested the standalone version of FSAV as part of QA testing, but I was not involved in that so I cannot comment on the standalone Backweb.

Anyway, one of the reasons we chose F-Secure (long before we were looking for an OEM solution for LISTSERV) is that it had the best update mechanism of the AV products we reviewed. We had, er, a major brand product before and I personally got tired of the amount of trouble it gave me on my PC. I also did not react too well when the expensive support service turned out to produce advice such as "Solution: do not use Windows 2000" on a product whose jacket said "Windows 2000 Ready!" in big letters. Eventually, I got tired of downloading ZIP files, stopping the AV, installing the new databases, restarting the AV, checking that it still worked (sometimes it didn't and you had to back out), all that because I had the nerve of running Windows 2000 and, 3 months after the bug was reported, no fix was available. Eventually, I discovered on my own that the fix was in fact available, in the form of a new version which, while not free and not "Windows 2000 Ready!", actually did work on Windows 2000. No, I could not get the new version for free, but I was welcome to buy it at the standard upgrade price - sorry. In contrast, I have had a similar problem with a major computer manufacturer (I bought a "Year 2000 ready!" box that later turned up not to work in year 2000), and after reporting the problem I got a free, specially patched box that solved my problem, plus an apology from a VP, and some free software as a token of goodwill. I am still buying most of our hardware from them.

F-Secure is very well known in Sweden and I gave it a try, along with another major product. FSAV worked right away, updated reliably and consistently, found viruses that the other products had not found, and soon we had decided to migrate to F-Secure. There is another major brand product that I liked better as a standalone scanner, but their Enterprise edition was very limited, and F-Secure consistently found more viruses, so we bought F-Secure for our internal use.

Having already F-Secure on their desktop, developers naturally tried working with it first, and one thing led to another. But this all started as a "happy camper" experience as a regular customer. The product is not perfect and it is not the best in every area, in particular it is slower than most other products due to having 3 separate engines, but scanning speed is not the most important for LISTSERV - the key is catching as many viruses as possible in real-life conditions, which means a dependable, fast database update process to catch new viruses as soon as they become registered. Lab tests are very useful, but they do not tell you how quickly you are protected against new viruses, which is the key factor for mailing lists.

> So, in general, would you recommend removing any other virus scanners on the
> server?

Most AV vendors, including F-Secure, recommend removing other virus scanners prior to installation. I am not qualified to speak authoritatively of the combination F-Secure/Sophos, but it seems safer to follow the vendor's recommendation. On the other hand, it may also work fine with both products. I just don't know.

> Or would you recommend that at least the configuration of other
> virus scanners is reviewed to perhaps exclude Listserv/LSMTP directories, or
> make sure it's not set to scan all file types?

As far as LISTSERV is concerned, you only need to scan .EXE files in the LISTSERV directory tree if using the real-time scanner, but it would be prudent to enable the "usual" set of extensions on the whole server. You definitely do not need to scan all files for LISTSERV's sake, and it could have a significant performance impact, especially with 5.30. With 5.40 and the upcoming level set, you can choose to use the command-line scanner instead, in which case you do not need to enable real-time scanning at all, but this is still experimental (it will remain undocumented until the next level set). The real-time scanner is faster, although on Windows the new command-line scanner is also very fast, but on a server with a low mailing list volume and a lot of other activity, you may simply not want to enable real-time scanning. In your case I would recommend real-time scanning, given your volume. On Linux, only the command-line scanner is available, and unfortunately it is quite slow.

> Yes, it does appear to be still intercepting some viruses. Here are last
> month's figures, as a matter of interest:
> 
> Outbound infected msgs stopped: 125831

I expected a number substantially higher than zero, but I must say that I did not expect that many digits. I would say that it is a strong argument to keep F-Secure ;-)

  Eric
