AV these days?

elementalwindx

How's the AV system in pfsense these days? I tried using it about 5 years ago. If I recall you have to install some kind of squid proxy thing, and then some kind of clamav thing, but I had all sorts of issues when it came to downloading installer files where the files would be corrupted, and wouldn't download right, so I lost all hope on it. Now I'm revisiting the topic and wondering what you guys think about it, and what is the proper way to do it?

Thanks.

KOM

what is the proper way to do it?

To me, AV belongs on the client.  I tried ClamAV a year or two ago and wasn't happy with the performance hit.  Plus I don't have a lot of faith in open source AV systems.  It's a very hard space to compete in against commercial companies.  Maybe I'm wrong in that, but I haven't seen anything to convince me otherwise.

elementalwindx

@KOM:

what is the proper way to do it?

To me, AV belongs on the client.  I tried ClamAV a year or two ago and wasn't happy with the performance hit.  Plus I don't have a lot of faith in open source AV systems.  It's a very hard space to compete in against commercial companies.  Maybe I'm wrong in that, but I haven't seen anything to convince me otherwise.

Yea we put bit defender on our end points. Was just wondering if the service was there and free, figured I'd use it as that extra layer.

doktornotor

Squid/C-ICAP/ClamAV should work a whole lot better than a couple of years ago, tons of fixes/changes in the package. Would I rely on it as the only defense? Definitely not, given the ClamAV detection rate. Performance penalty? Absolutely.

P.S. Not a fan of the AV industry at all. They often cause more harm than they prevent. Some reading @ https://twitter.com/taviso/ - incl. latest WTFs such as:

• https://bugs.chromium.org/p/project-zero/issues/detail?id=978
• https://bugs.chromium.org/p/project-zero/issues/detail?id=989

elementalwindx

@doktornotor:

Squid/C-ICAP/ClamAV should work a whole lot better than a couple of years ago, tons of fixes/changes in the package. Would I rely on it as the only defense? Definitely not, given the ClamAV detection rate. Performance penalty? Absolutely.

P.S. Not a fan of the AV industry at all. They often cause more harm than they prevent. Some reading @ https://twitter.com/taviso/ - incl. latest WTFs such as:

• https://bugs.chromium.org/p/project-zero/issues/detail?id=978
• https://bugs.chromium.org/p/project-zero/issues/detail?id=989

I agree. We've had issues where bit defender blocks a program from doing an action, and it doesn't even report it in their events section in any form. No log of any kind either. Very frustrating. I will admit I've had the fewest issues ever with bit defender vs kaspersky, mcafee, norton (barf), nod32, and others.

W4RH34D

That's just it, though.

PCI Compliance requires the CC server to have AV, but the AV interferes with the machine all the time and causes all kinds of billable issues.

It is FUBAR.