installing clamav on pfsense
-
Hello All! This may be a silly question but I cannot find a concrete answer via google. I have pfsense and have configured pfblocker-ng for a layer of security. I want to add clamav, but it seens I must install squid proxy to do so. Will this conflict with pfblocker-ng if the only part of squid running (that I can see) is clamav?
Thanks for any input
-
No, they do different tasks. Squid is a caching proxy server. ClamAV relies on it. However, I might question the value of having AV on the firewall. I've never found ClamAV to be particularly effective compared to desktop-based AV scanners, and it can put quite the load on the firewall, and sometimes it causes problems.
-
@KOM , Thanks for the input. I tested clam with eicar.com and a few other sites for malware etc. I was using a win10 pc with no antivirus active and it stopped all the test virus's.
I realize clamav is not as potent as many retail pc based products. I was looking to add another layer of protection.
Would you suggest a firewall based antivirus? If so, what /how would you use?
-
Squid can use ClanAV to scan traffic that it caches. It only scans what it can see though so that's http and https if you are running full MITM mode. Otherwise you only scan unencrypted traffic which isn't much these days.
It doesn't hurt to enable it if you're running squid already. It's the only option for firewall anti-virus in pfSense.Steve
-
@detox It isn't really surprising that it detected known fake-virus signatures. I wonder about how effective it is in general. I've never seen any qualitative comparisons such as those done by AV-Comparatives, for example. It may not even be as effective as Windows Defender, which has been getting better every year and does fairly well in testing.
At my company, I don't use any AV on the firewall, and all LAN clients have local AV protection.
