ClamAV - do you suggest to use it?

I am just trying to optimize my server right now.

I do not run an email server, I am using google apps for all of my sites.

Therefore, I am considering disabling ClamAV.

Most of what I can find about ClamAV is in regards to email server.

So without running an email server, would you still suggest using ClamAV? Or does it really not matter?

Also, I am on a Linode 512, I just checked and clamd was using more memory than anything else, 160mb.

14 Replies

I see no reason to use it- it is basically for email delivered to Windows clients, I believe.

Turned it off. It eats too much memory and has only a marginal effect on mail delivery - filtering 0.5% more e-mail in exchange for 150 MB on a 512 box? No, thanks. And using it beyond the scope of e-mail is utter nonsense. Server cares about exploits, not viruses. Maybe if you use your server as a playground for your users and want to keep them out of harm … but really, who does that?

Not saying that it doesn't do its job well, just that the cost on a Linode 512 is too high.

ClamAV-daemon (clamd) is a serious memory hog. Turn it off if you don't handle e-mails. But it's sometimes useful to keep plain old command-line ClamAV (not clamd) around, in case you need to check uploaded files, etc. If none of your sites allow file uploads, well then, just delete it.
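As an added example (not part of the thread or any poster's own code): an on-demand scan of an upload directory with `clamscan` instead of the resident `clamd`, so memory is used only while the scan runs. The directory arguments and the `CLAMSCAN` override variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: scan an upload directory on demand with clamscan (no clamd).
# CLAMSCAN is a hypothetical override so another scanner binary can be named.

# scan_uploads UPLOAD_DIR QUARANTINE_DIR
# Returns 0 = clean, 1 = infected file(s) moved to quarantine, 2 = scan error.
scan_uploads() {
    su_dir=$1
    su_quar=$2
    su_scanner=${CLAMSCAN:-clamscan}

    if [ ! -d "$su_dir" ]; then
        echo "no such directory: $su_dir" >&2
        return 2
    fi

    # Quarantine must exist before --move is used; keep it private.
    mkdir -p "$su_quar" || return 2
    chmod 700 "$su_quar" || return 2

    # -r recurse, -i list only infected files, --move relocates matches.
    su_rc=0
    "$su_scanner" -r -i --no-summary --move="$su_quar" "$su_dir" || su_rc=$?

    # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    case $su_rc in
        0) return 0 ;;
        1) echo "infected file(s) moved to $su_quar" >&2
           return 1 ;;
        *) echo "scan failed (exit $su_rc)" >&2
           return 2 ;;
    esac
}
```

Run it from cron or an upload hook after a one-shot `freshclam` so the signatures are current; `clamscan` loads the signature database on every invocation, so expect a slow start and a temporary memory spike on a small instance.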

ya i have disabled that and a few other things as well.

i now have 9 sites using 5mb vram and 220mb ram, i am quite happy now.

You need to run a good antivirus on your desktop anyhow (providing it's Windows), so I don't see much point in clamav.

So when someone tries to send infected stuff through your mailserver / FTP exchange / download site you notice and stop it before it spreads flagging you as the source.

Seems it doesn't apply in OP's case.

ya i am not using a mailserver.

most of the sites on this server are mine or i am in control of them and the client is not.

only two sites are used by other people i know and they barely use the sites.

@rsk:

So when someone tries to send infected stuff through your mailserver / FTP exchange / download site you notice and stop it before it spreads flagging you as the source.

Seems it doesn't apply in OP's case.

How would it spread if every client PC is protected? If every client PC needs antivirus protection anyhow, there isn't much point running a central AV for the mail server. If you have unprotected machines on your network that might spread something, that's a different story.

If the OP isn't running a mail server, then ClamAV serves no purpose.

Spread as in, gets sent through you, and the next mailserver (or even end-user's local AV) notices it, and screams "That stuff from is virused!". J. Random user implies "that server's bad". We want to avoid it, don't we?

@rsk:

Spread as in, gets sent through you, and the next mailserver (or even end-user's local AV) notices it, and screams "That stuff from is virused!". J. Random user implies "that server's bad". We want to avoid it, don't we?

Gets sent through you how? Unless you're running an open relay, that doesn't happen. In most corporate environments, antivirus programs are mandatory and enforced on PCs.

So, again, the only risk here is if you've got unprotected machines connecting to your mail server.

Ever heard of defense in depth? Not every AV maker has the same signatures. Some signatures are better than others. Some detect using signatures while some use heuristics. The more differences you have in your AV types the more likely you are to prevent an infection.

I do the same for firewalls. If I can keep from it I will have multiple brands and types of firewalls protecting my critical assets in case one has a vulnerability that causes it to permit traffic that it shouldn't.

@carmp3fan:

in case one has a vulnerability that causes it to permit traffic that it shouldn't.
If that was even remotely true - time to find a way better firewall

of for the 100th time i am not running a mail server!

@vonskippy:

@carmp3fan:

in case one has a vulnerability that causes it to permit traffic that it shouldn't.
If that was even remotely true - time to find a way better firewall

My primary job is in security, so I deal with firewalls quite often. I've seen this issue with multiple firewalls from different well-known and commonly used vendors. Firewalls are just software on the inside. Coding mistakes happen.

@ripken204:

for the 100th time i am not running a mail server!

In my opinion it all depends on what the server is used for. For a mail server, of course, but since you have said for the 100th time that you aren't running a mail server, it depends. For an FTP server, probably. For a web server, maybe. For a simple test server, probably not. It just depends on what you are using it for and what other controls you have in place to protect the system and the files available on it.
