Hi All!
ClamAV is the de facto standard for AntiVirus on Linux / FOSS. It does work for certain scenarios, yes. A good, usable example is mail AV checks: mail with ClamAV has more or less “On access” checks enabled. The same goes for Websites with the squid plug-in / module.
But the mainstay of AntiVirus besides mail is still infected files… And, in my opinion, ClamAV is not really any use as an AntiVirus for any file server - simply as it does not provide a mechanism for “On Access” checking.
What it can do is a regular check on the whole filesystem. This easily can take 6 hours on a small-medium sized system - and only provides a “pseudo security”, as its use is actually zero…
Typical case:
NethServer acting as FileServer.
ClamAV, when installed, does a full check daily, usually at night because of CPU load.
So far, so good. Then the following happens:
A user copies a file from a compromised Notebook to the file server.
Another user / co-worker opens that file, and infects his PC or other Infrastructure.
The file in question was never checked on the server!!!
During a working day, not a single file is checked!
Anything kept until the check will be found, but for daily work, clients are unprotected…
On any properly set up Windows Server, even 20 years ago, “On Access” AV-checking is standard.
Even on other systems, “On Access” was / is the standard. I’ve had for example Novell Netware Servers with McAfee installed in 1995 - and On Access was the standard!
Now, everyone touts Linux. Yes, we have AV (ClamAV). And Samba is a great file server, can replace a Windows server easily… And Linux itself has hardly any viruses in the wild…
The components are there, but bricks lying on the floor are not a wall (yet)…
How much of this BS are we believing ourselves?
Any Feedback / Thoughts on this would be very welcome…
My 2 cents
Andy
PS: This could be the subject of a sub-discussion for the end-of-month meeting…