Netgate Discussion Forum

    How to update ClamAV

    • GertjanG
      Gertjan
      last edited by Gertjan

      You shouldn't abandon ClamAV for this message.
      Most servers available on the Internet that use ClamAV have this line in their log. I have it on all my servers.

      I do NOT want to have the latest package release, I want to have the stable one.

      @hugoeyng said in How to update ClamAV:

      what was your alternative?

      With your router handling 99,99 % TLS encoded traffic?
      No alternative.
      It's all "private data" etc. these days. No one sniffs through other people's chats and mails any more.
      Today, network protection can not be centralized in one place (firewall) any more. "Internet users", like "car users", "TV users", etc. should follow some sort of 'education' about how to use it up front. You can't do more.

      Virus scanning etc is still useful today for mail protection : all mail comes in on port 25 - TLS encrypted of course, but it winds up in a mail box, using clear text: just a folder with mail files. These files can be scanned, enclosed files like ZIP can be opened and scanned.

      edit I agree with @Raffi_ : squid - and other comparable tools, are things of the past.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      Raffi_R 2 Replies Last reply Reply Quote 1
      • Raffi_R
        Raffi_ @Gertjan
        last edited by Raffi_

        @Gertjan said in How to update ClamAV:

        Virus scanning etc is still useful today for mail protection : all mail comes in on port 25 - TLS encrypted of course, but it winds up in a mail box, using clear text: just a folder with mail files. These files can be scanned, enclosed files like ZIP can be opened and scanned.

        @Gertjan Interesting point on the email scanning. Didn't think that was the case, but that makes sense.

        @hugoeyng As I said, check to see the squid usage in your own case. Supplementing it with the other tools mentioned is a good idea if you're not already doing so.

        edit: agree with @Gertjan on educating web users too. You try to do all that you can to help prevent them from going to the wrong site or clicking on the wrong link, but they should know what to look out for. We all have that person that no matter how many times you tell them not to click on the link in the email, how can they resist saving 1000% on their insurance bill.

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan @Raffi_
          last edited by

          @Raffi_ said in How to update ClamAV:

          how can they resist saving 1000% on their insurance bill.

          The rich African widow is back. She has 45 kilo of gold just for you, but to finalize the transfer she needs your credit card number.
          This still works today.

          https://www.youtube.com/watch?v=_QdPW8JrYzQ& (clean the floor first, you'll be rolling there in 15 seconds)

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 1
          • Raffi_R
            Raffi_
            last edited by Raffi_

            hahaha the list goes on with these.

            Edit: On a more serious note though, the most effective solution I have found for preventing security issues has been on our email server side. We are a small company using Office 365 and after a few incidents we had, we opted for the advanced threat protection. That is the best money we spent. I have to say Microsoft is doing a great job of preventing incidents for us. Email is our biggest risk and they have nearly taken all the risk out since all attachments and links are scanned on the server side before they reach the end user. Since enabling ATP we have not had a single incident with emails. We still get occasional spoofed emails, but I'm not as worried about that since our users are fully aware of what to look out for and to verbally confirm with anyone before wiring money. Sorry for sounding like an advertisement, but this is a true testimony. Key point I'm trying to make here is the email server side is what should really be beefed up if it isn't.

            1 Reply Last reply Reply Quote 0
            • hugoeyngH
              hugoeyng @Raffi_
              last edited by

              @Raffi_ I understood.
              In my case, the use is a little bit higher.

              f3546cc9-438c-40f3-bed1-ce8c13706f66-image.png

              I love pfSense!

              Hugo Eyng
              Datamais Sistemas

              1 Reply Last reply Reply Quote 0
              • Raffi_R
                Raffi_ @Gertjan
                last edited by

                @hugoeyng said in How to update ClamAV:

                In my case, the use is a little bit higher.

                Interesting, yes that does look much more useful than I found. In that case, keep squid and ClamAV definitions up to date which you are already doing. Even in your case it is on average 6% effective, although you do have days it is above 20%. That's surprising. You may still want to consider supplementing squid/ClamAV if you aren't already.

                I think @Gertjan made a very good point on that warning message and I agree.

                Most servers available on the Internet that use ClamAV have this line in their log. I have it on all my servers.
                I do NOT want to have the latest package release, I want to have the stable one.

                So to be clear, I'm going to repeat that the warning message is nothing to worry about.

                hugoeyngH 1 Reply Last reply Reply Quote 0
                • hugoeyngH
                  hugoeyng @Raffi_
                  last edited by

                  @Raffi_ Thank you for answering.

                  @Gertjan I agree with your point: better is to have the stable version. But in the
                  future the stable version will be the 0.102.3. The question is: will the clamav be updated by then?

                  (Virus definition database is updated).

                  I love pfSense!

                  Hugo Eyng
                  Datamais Sistemas

                  BismarckB 1 Reply Last reply Reply Quote 0
                  • BismarckB
                    Bismarck @hugoeyng
                    last edited by

                    @hugoeyng said in How to update ClamAV:

                    @Raffi_ Thank you for answering.

                    @Gertjan I agree with your point: better is to have the stable version. But in the
                    future the stable version will be the 0.102.3. The question is: will the clamav be updated by then?

                    (Virus definition database is updated).

                    You can do this manually via pkg:

                    pkg add -f http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/json-c-0.14.txz
                    pkg add -f http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/clamav-0.102.3,2.txz
                    

                    Nothing to worry about, doing this for years now, worst thing that could happen is that ClamAV gets downgraded on a pfSense update again.

                    You can even install your own build of ClamAV, like I do which has the threaded reload patch backported to clamav-0.102.3,2:

                    https://github.com/Cisco-Talos/clamav-devel/pull/126

                    hugoeyngH 1 Reply Last reply Reply Quote 2
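The two commands above fetch the archives over plain HTTP by direct URL, so a digest check on each file before installing is worth having. The following is an added example, not part of Bismarck's post: the function names are hypothetical, the catalogue field names `sum` and `repopath` are assumptions about the packagesite.yaml layout, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check a fetched package archive against
# the SHA-256 in the repository catalogue before handing it to `pkg add`.
# Assumption: packagesite.yaml (unpacked from packagesite.txz) has one JSON
# object per line with "repopath" and "sum" (hex SHA-256) fields.

# SHA-256 of a file: Linux has sha256sum(1), FreeBSD has sha256(1).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# Print the catalogue digest for repopath $2 in catalogue $1 (empty if absent).
catalogue_sum() {
    grep -F "\"repopath\":\"$2\"" "$1" | head -n 1 |
        sed -n 's/.*"sum":"\([0-9a-f]\{64\}\)".*/\1/p'
}

# verify_pkg ARCHIVE CATALOGUE REPOPATH: 0 = match, 1 = mismatch, 2 = no entry.
verify_pkg() {
    want=$(catalogue_sum "$2" "$3")
    [ -n "$want" ] || { echo "no catalogue entry for $3" >&2; return 2; }
    got=$(file_sha256 "$1")
    [ "$got" = "$want" ] || { echo "digest mismatch for $1" >&2; return 1; }
}

# Constructed demo: a stand-in archive and a one-line catalogue, not real data.
demo() {
    d=$(mktemp -d)
    rp='All/clamav-0.102.3,2.txz'
    printf 'stand-in archive bytes\n' > "$d/pkg.txz"
    printf '{"name":"clamav","sum":"%s","repopath":"%s"}\n' \
        "$(file_sha256 "$d/pkg.txz")" "$rp" > "$d/packagesite.yaml"
    verify_pkg "$d/pkg.txz" "$d/packagesite.yaml" "$rp" && echo "intact: accepted"
    printf 'x' >> "$d/pkg.txz"   # simulate modification in transit
    verify_pkg "$d/pkg.txz" "$d/packagesite.yaml" "$rp" 2>/dev/null ||
        echo "modified: rejected"
    rm -rf "$d"
}
demo
```

The check is only as good as the catalogue: one fetched over the same unauthenticated link as the archive proves nothing.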
                    • hugoeyngH
                      hugoeyng @Bismarck
                      last edited by

                      @Bismarck Worked!

                      I love pfSense!

                      Hugo Eyng
                      Datamais Sistemas

                      1 Reply Last reply Reply Quote 1
                      • JonathanLeeJ
                        JonathanLee
                        last edited by JonathanLee

                        I use SSL intercept and it does scan HTTPS traffic. With protocols like DoH (DNS over HTTPS), pfblocking is just whack-a-mole. Squid is a pain to configure with SSL intercept, but it works great once it is configured. ClamAV is a pain when it updates; it hogs resources. So I use cron and it updates in the early hours.

                        Make sure to upvote

                        1 Reply Last reply Reply Quote 1
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.