Using CLAM AV without Squid
-
I've been having problems using Squid under 2.3.2, that is pages are periodically blank so I removed the plugin and everything works again.
Is there a way to use CLAM AV without using Squid? I think that Squid MUST be used by the PCs for CLAM AV to serve any purpose.
Is that correct, or can I reinstall Squid again, not use its proxy features but just CLAM?
-
Without Squid the AV will not ever see the traffic. So no, that's a definitive no go. (For AV fans, you are WAY better off with AVs on the endpoints anyway; wouldn't rely on ClamAV.)
-
Without Squid the AV will not ever see the traffic. So no, that's a definitive no go. (For AV fans, you are WAY better off with AVs on the endpoints anyway; wouldn't rely on ClamAV.)
Thanks for the advice but can you expound why not to reply on ClamAVÂ and its better for AVs on the endpoints ?
I am curious because I would wonder why the developer did come up with ClamAV with ICAP on Squid Proxy if it will not be reliable and endpoint AVs are way better.
-
Because people we asking for it over and over again and there's nothing else available as open-source you could distribute?
ClamAV has an abysmal detection rate and is extremely slow. OK for scanning mail with third-party signatures, other than that, wouldn't use it.
-
So i'm assuming ClamAV is still NOT preffered way to do AV screening. I'm sort of glad to hear that anyway as when i enable squid proxy and clamav, one of those two slows down my DNS significantly to
the order of 10x where dns lookup was 30ms now with all those services running is 600ms which is 2000% slow down. I think it's proxy not clam av but that's a no go for me if that's the price to pay.
I'm still trying to figure out why i would need proxy server for 3 clients max and why would anyone want to deal with cache of that later.