Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to install antivirus software?

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    5 Posts 3 Posters 3.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      danibert
      last edited by

      Hi,

      first, I´m new to the hardware-firewall-thing, and have not much experience, yet. My question: I want to install an antivirus software. How would you recommend me to install it?

      Should I install it directly on the firewall, or on the server behind the firewall?
      If it´s better to install it on the firewall, is there something special to keep in mind, or is it the same setup process like on an usual linux OS?

      What antivirus software can you recommend?

      Thank you in advance
      Danibert

      1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        Before thinking any further you should notice, pfSense does not run on a "usual linux OS". It runs FreeBSD (6).
        Besides that, the question is quite vaguely. What do you want to scan with you AV?

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 0
        • D
          danibert
          last edited by

          I want to avoid viruses on the server´s system files and in E-Mails, sent and received over the server.
          I don´t know what is more effective, to scan the files on the server, or to scan the data transfer to and from the server….

          1 Reply Last reply Reply Quote 0
          • S
            sai
            last edited by

            If you have a mail server then AV for emails should be on the mailserver. It can take emails, put them in a queue and scan them. A few seconds delay is not noticeable. Of course if the server is running windows then you want to clean things up before they get  there.

            1 Reply Last reply Reply Quote 0
            • JeGrJ
              JeGr LAYER 8 Moderator
              last edited by

              Without knowning more details (what server- and what firewall-arch) I would respond to

              I want to avoid viruses on the server´s system files and in E-Mails, sent and received over the server

              Scan e-Mails on their way to the server via a mailgateway. It wouldn't be the first time there was some strange side effect when doing the scanning on the same system having the normal mail service on. Get them out before they reach the final destination server (and the user) and run an additional AV on the normal filesystem of the server for file services.
              But I would not run that kind of thing on the firewall itself. Keep the firewall architecture as clean as possible and don't mix it with further services if they don't have necessarily to do with it. E.g. split the fw-arch into three nets, WAN, DMZ and LAN and setup the mailgateway in the DMZ area. So you don't have any probably "bad things" in your LAN before it passes all your desired tests.

              Just my thoughts on this :)

              Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.