Is clam anti-virus a decent product
 

I was thinking about setting up a Linux server as a VPN, a caching server, a network intrusion detection system, and also using it as an anti-virus program to filter data before it gets to the client machines. I was wondering if you think this is a good idea? Also the Windows version of clam anti-virus doesn't get to many favorable reviews. I was wondering if the Linux version is any better and whether it filters for Windows viruses. Do you think it's a good choice? Suggestions?

Clam has a great reputation. Many costly network appliances offer clam as an integrated virus scanning engine, along side the likes of mcaffee and f-secure. good idea all round i'd say, just be sure that the server you run it on can handle the load.

Reply
 

It's not a huge network, less than 20 machines in all. My main concern is whether clam can detect Windows specific viruses. The machine I was thinking of would be about a gig with 256MB RAM. Think this is sufficent?

I believe clam can find windows viruses, check their web site, the should have that info.
The necessary server speed depends on how much and what kind of traffic you have.

virus scanning is about recognising identifiable traits in network data, you don't need to have any interest in the formats of the data or anything, just see signatures in what ever it is you're looking at.

It won't identify viruses in attachments of encrypted emails (ssl), will it?

Reply
 

I got that Virus Scanning is about matching signatures but I wasn't sure if the *nix version came with the Windows signatures or if there's a way I can add them. Reviews for the Windows version weren't very good so I don't know if the *nix version is any better. I also read that Clam can only detect viruses when a check is run, it won't stop you from running a program. So I was wondering if it can catch data as it hits the system.

ClamAV is not ment to be a replacement for desktop antivirus programs. Last time I checked (the Unix version) it did not include realtime protection like most popular Windows antivirus programs (F-secure, McAfee, Norton etc). It is, however, quite useful in gateway computers (email servers and such) to prevent viruses from coming into the local network. Of course it can be used to do ordinary virus scans. For these purposes it is quite usable.

The Unix version does include virus signatures for Windows viruses; in fact, the vast majority of computer viruses are designed for Windows, so an antivirus program without Windows virus signatures would be next to useless.

I'm not sure about the SSL problem - check ClamAV website for that.

clamav has real time(ie scan on access) virus protection. You need to install and configure the dazuko kernel module. I use avast antivirus http://www.avast.com//i_kat_207.php?lang=ENG&fnc=finish. I tried f-prot, clamav, bitdefender, antivir and others and i was quite satisfied with clamav. I use avast because like bitdefender i knew it when using windows. It is also easy to create a slackware or debian package from the avast rpm file with only gtk2 as dependency.