Antivirus for all protocols



  • Hi
    I want to extend ClamAV virus checking for all protocols in pfSense.
    Can you give me some guidance?



  • What do you mean 'all protocols'?  Isn't ClamAV just a file scanner that works in conjunction with a web proxy?



  • For example, virus checking for BitTorrent and H.323 packets.



  • I don't believe that ClamAV works at the packet level.



  • These are "application layer" protocols over Packet Level (Network and Transport Layer). I want to extend pfSense antivirus functionality like commercial products (FortiGate UTM).



  • After using ClamAV for several years I've given up on them due to their low quality signature database.  They are way behind other free alternatives.

    You'll be spending way too much time on reacting and reporting to the frequent false positives for it to be useful. In addition to that their update servers are in my experience often unavailable.

    I don't know, maybe running a decent AV-service isn't possible as open source? :'(



  • Ah, sorry. For a moment, I thought you were asking to scan the packet stream.  I agree with P3R in that ClamAV isn't that great.  I gave up on it when it was killing our performance, and we already have client/server protection.  Managing an AV service infrastructure isn't simple or cheap, and I can't imagine any FOSS project being able to keep up with the big boys in that regard.