Netgate Discussion Forum

    Preliminary questions on alternate anti-virus engine and signature updates frequency

    General pfSense Questions
    • skosner

      Hi,

      Currently considering a pfSense UTM, given its great reputation, but just wondering about two things before installing and wading through it.

      1. Given that Squid uses the ClamAV engine, which is allegedly weak, is it easy to swap in a different anti-virus engine, instead of using ClamAV?

      2. To confirm that all security components are frequently updated, can someone provide the last two dates that signatures/rules were updated for IDS, malware, web filtering, and any other security-related components?

      Thank you very much

      • stephenw10 Netgate Administrator

        It's not easy to use a different AV engine. In fact I'm not aware of anyone having ever done it. It's certainly well outside anything supported.

        However 'weak' ClamAV may or may not be, it doesn't make a huge difference anyway because that only scans what Squid is caching and that's only HTTP or HTTPS if you have enabled full bump mode. This is probably how most malware is transmitted but certainly not all. It is simple to enable it though.

        You can set the update intervals for pulling signatures. Here I have it set to 24hrs:
        [Screenshot: 0_1547593596935_Selection_546.png]

        Steve
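
To check how old the ClamAV signatures on a box actually are, the header at the start of each signature database records when it was built. The following is an added example, not part of the thread or of pfSense: it parses that header and flags a stale database; the 48-hour threshold and the sample header values are assumptions constructed for illustration.

```python
import datetime as dt
import sys

HEADER_LEN = 512  # .cvd/.cld files begin with a space-padded 512-byte text header

# Constructed sample header (checksum, signature and builder fields are made up).
SAMPLE = (b"ClamAV-VDB:15 Jan 2019 03-45 -0500:25299:2213847:63:"
          b"0123456789abcdef0123456789abcdef:CONSTRUCTED:builder-x:1547541900"
          ).ljust(HEADER_LEN)


def parse_cvd_header(raw: bytes) -> dict:
    """Return build time, version and signature count from a database header."""
    fields = raw[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    # Build time uses '-' between hour and minute, so it survives the ':' split.
    built = dt.datetime.strptime(fields[1].strip(), "%d %b %Y %H-%M %z")
    return {"built": built, "version": int(fields[2]),
            "signatures": int(fields[3]), "builder": fields[7].strip()}


def is_stale(header: dict, now: dt.datetime, max_age: dt.timedelta) -> bool:
    """True when the database was built longer ago than max_age.

    The build time is when the database was published upstream, not when this
    machine downloaded it, so allow slack on top of the update interval.
    """
    return now - header["built"] > max_age


def report(raw: bytes, name: str, now: dt.datetime) -> str:
    h = parse_cvd_header(raw)
    # Assumption: 24 h update interval plus 24 h of slack.
    state = "STALE" if is_stale(h, now, dt.timedelta(hours=48)) else "ok"
    return (f"{name}: version {h['version']}, {h['signatures']} sigs, "
            f"built {h['built']:%Y-%m-%d %H:%M %z} [{state}]")


if __name__ == "__main__":
    now = dt.datetime.now(dt.timezone.utc)
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:  # paths to .cvd/.cld files, supplied by the user
            with open(path, "rb") as fh:
                print(report(fh.read(HEADER_LEN), path, now))
    else:
        print(report(SAMPLE, "sample", now))
```
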

        • skosner

          Thank you for your response. Though how is the weakness of ClamAV of little difference - especially considering "This is probably how most malware is transmitted..." ?

          This sounds as though anti-virus on a UTM is altogether of minor importance. Might there be a misunderstanding here?

          Thanks again for your reply.

          • stephenw10 Netgate Administrator

            Yes, I would argue that it is of, relatively, minor importance compared with antivirus on the clients.

            You might as well enable it since it's there and really requires only a single checkbox. But I would not rely in any way on that preventing viruses reaching clients even if the scanner itself was 100% effective. Which none are anyway.

            Steve

            • skosner

              Ok, so you're leaning on client anti-virus.

              Anyway, it seems the following engines can be used with Squid, via HAVP...
              arcavir, avast, avg, clamav, dr.web, fprot, kaspersky, nod32, sophos, trend micro

              Thanks again for your input.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.