Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Is ClamAV worth the effort?
  •  
jaikudo

Messages: 83
Karma: 0
Send a private message to this user
I am trying to get ClamAV working on Fedora 7 and it is giving me trouble. I won't ask about the details now.

What I want to know is how much extra security we would get from using ClamAV (in addition to McAfee) anyway? Is it worth it or is McAfee all we need? If it is worth it then I will keep trying to get it going. If not, I won't bother.
  •  
jaikudo

Messages: 83
Karma: 0
Send a private message to this user
I got it working in the end. Fedora was giving me the wrong packages. Once I got the right stuff and followed the instructions it worked fine.

I would still be interested to know how worthwhile it is.
  •  
88fingerslukee

Messages: 177
Karma: 0
Send a private message to this user
I am also curious. Should I be exploring the use of a secondary AV program? McAfee has a pretty good rep.
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
You should always uses more than one scanner. No scanner, not even the best, is 100% at catching threats, so there's always a risk involved. By using more that one AV scanner, you reduce your risk. The question is, where is it? Is it on a gateway or on the mailserver itself. If you have a desktop AV client that scans mail, is that enough, or do you want to catch it before it reaches client machines.

Scott
  •  
jaikudo

Messages: 83
Karma: 0
Send a private message to this user
We use Sophos on the desktop, so we already have the advantage of two different scanners. Sophos updates every 3 hours and we have also set McAffee in KMS to also update every 3 hours. Clam via KMS would be a third level of protection for us. Clam only updates once a day.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I have McAFee on Kerio Winroute and ClamAV on Kerio Mailserver. So messages get checked first by McAfee and then by ClamAV. And ClamAV is indeed sometimes catching stuff that McAfee lets passed. Mostly not viruses perse, but phishing emails. ClamAV seems to check for phishing and McAfee does not. Once in a while a real virus too. (However, ClamAV does have its share of false-positives, so maybe ClamAV is wrong here.)

Anyway, I like the extra layer of protection. Certainly, one layer of AV will let things slip through once in a while.
  •  
jaikudo

Messages: 83
Karma: 0
Send a private message to this user
Just when I thought I had Clam behaving as I want it, I discover that it won't start up on reboot. This is on Fedora 7.

"service clamd start" works fine when run as root after login.

I can see it try to start clamd when booting but it says "[failed]" twice! There is nothing in the clamd log to suggest it even tried to start.

I have S75clamd in rc3.d, rc4.d and rc5.d.

Does anybody have any ideas?

Is it likely to be the boot environment differing from the running one?

Is S75 too early for clamd? I could move it to S98 but I would have to move Kerio to S99 to get them starting in the right order.
  •  
jaikudo

Messages: 83
Karma: 0
Send a private message to this user
I have now traced this back as far as SELinux. Setting it to permissive mode solves the problem. It seems that it thinks there is something wrong with Clam, that there is something wrong with my second disk and that the port is dodgy too. None of this makes any sense and, having followed its advice to "relabel" the system and got nowhere, I am inclined to regard SELinux as more trouble than it is worth.

What does everybody think? Should I debug this or just leave SELinux in permissive mode?

[Updated on: Mon, 18 February 2008 18:32]

Previous Topic: Blocking webmail access for users ?
Next Topic: Disk size
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 05:11:38 CET 2017

Total time taken to generate the page: 0.00490 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.