Squid/Squidguard and commercial Antivirus



  • Dear all,

    Did anybody implement pfSense with Squid/Squidguard and any commercial Antivirus solution such as Kaspersky, BitDefender, McAfee, ESET, Sophos and so on? (I clearly do not ask for ClamAV!)

    Thanks for sharing!



  • wat?

    None of those vendors has a product that will run on FreeBSD that I am aware of.  Besides, AV on the firewall is idiotic.  It slows everything down for everyone when you would be better served by putting commercial AV on your LAN clients that require it.



  • @KOM:

    None of those vendors has a product that will run on FreeBSD that I am aware of.

    To your knowledge, if you search on the internet, you will definitely find answers to commercial antivirus products to run on FreeBSD/UNIX/Linux.
    i.e:
    https://kc.mcafee.com/corporate/index?page=content&id=KB52944
    http://www.kaspersky.com/de/product-updates/proxy-server-antivirus

    @KOM:

    Besides, AV on the firewall is idiotic.  It slows everything down for everyone when you would be better served by putting commercial AV on your LAN clients that require it.

    No it's not. If you're using a high end firewall with enough power, it will run.
    And besides, a lot of commercial UTM appliances also do exactly this: scan inbound traffic to find viruses and malware.
    i.e:
    https://www.sophos.com/en-us/products/secure-web-gateway.aspx
    http://www.watchguard.com/wgrd-products/security-modules/gateway-av
    I don't think it is idiotic to run security on the first "door". If you don't, your problem… ;-)



  • you will definitely find answers to commercial antivirus products to run on FreeBSD/UNIX/Linux.

    Huh, I had no idea.  You learn something new every day.

    No it's not. If you're using a high end firewall with enough power, it will run.

    I would rather not have some PC-class desktop as my firewall just so I can scan for viruses and malware that I don't have.  Most of my clients are Android, Apple and Linux.  The Windows boxes have their local AV clients.  I tried ClamAV a few years ago and it was dreadfully slow.  I agree with you when it generally comes to layered security, but AV on the firewall is too much of a performance tradeoff for me.