Since you're using RHEL, I'll assume that you're wanting A/V solutions for a server environment. In that case, it really depends on what purpose you're intending to use the antivirus software for -- email server, file server, etc.
There are plenty of alternative antivirus solutions out there, but you'll have to pay for most of them (and especially for servers they're not cheap). May I ask though why you don't think Clam will fit your needs? I've used Clam on my servers for scanning Samba shares and incoming/outgoing email for the past 3 years now and it's always performed wonderfully. Not that I'm doubting you at all, I'm just curious what makes you leery of it...
Once we know that information, we can help you make an informed decision!
I wasn't knocking Clam. I just said I wasn't convinced.
Convinced about what?
I need to hear your experiences with Clam!
I ran some AV tests (granted, some time ago) against my mixed collection of *NIX and W32 goodies and IIRC at the top of my list were Uvscan (the old McAfee *NIX engine), NOD32 and RAV (gone, sadly) while F-prot, AVG (freeware version) and ClamAV underperformed constantly measured by hitrate. I don't have my regular test set at hand but here's a quick report of running NOD32 and ClamAV on another stash containing all sorts of rootkits, LKMs, flooders and other w32 goodies. Quality of detection engine and databases is what matters, IMHO:
Files scanned: NOD32: 11000, ClamAV: 9280.
"Threats" / "Infected files" found: NOD32: 421, ClamAV: 150.
Edit: if you decide to go for commercial AV then by paying them you acknowledge the AV market is a monopoly and you condone it to exist as such. Apart from true value like the quality of the detection engine you're basically paying ransom because they hold the data (signatures) hostage. If you don't play by their rules you get zilch. That's the reason ClamAV is what it is today, I think.
Some arbitrarily picked results:
sauber (LRK logcleaner): BDC: YES, ClamAV: YES, F-prot: YES, NOD32: YES.
modhide.o (Knark): BDC: YES, ClamAV: NO, F-prot: NO, NOD32: YES.
raptor_prctl (kernel 2.6 local root exploit): BDC: NO, ClamAV: NO, F-prot: NO, NOD32: NO.
du (FreeBSD rootkit): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
Nestea (prev millennium flooder): BDC: YES, ClamAV: NO, F-prot: YES, NOD32: YES.
First of all, these results should not be mistaken as a qualitative measurement of the products' engines and sig DBs. Apparently anyone can detect well known logcleaners and flooders, which is expected. Failing to detect a well known, old Linux LKM is not good, since these products (apart from my NOD32) are specifically meant for GNU/Linux and Knark is still used. The raptor kernel exploit isn't detected at all. What do you think? Wouldn't you like to know when there's a local root exploit found in your accessible temp dir?..