[clamav-users] Services Difference & Memory Utilization
bobby
architectofthefuture at gmail.com
Mon Sep 14 20:25:20 UTC 2020
Why is AS14061 on your block list?
On Mon, Sep 14, 2020 at 2:58 PM G.W. Haywood via clamav-users <
clamav-users at lists.clamav.net> wrote:
> Hi there,
>
> On Mon, 14 Sep 2020, bobby via clamav-users wrote:
>
> > I plan to use it for email processing. I am using postfix
> > currently. There are no other users besides myself, and it's only
> > one domain.
>
> What mail clients will there be? Any Windows boxes? To protect a
> Linux box against malware is relatively straightforward[*]. I use
> Linux more or less exclusively and I use ClamAV because I do a lot of
> spam processing, not because I feel the need for protection.
>
> For mail scanning you'd normally run two daemons, 'clamd' which is the
> actual scanner and a 'milter'. The milter takes messages from the MTA
> and passes them to clamd for scanning, then advises the MTA of clamd's
> findings. That might explain your confusion about services but I know
> little about the way CentOS does things. ClamAV provides a milter,
> unsurprisingly called 'clamav-milter'. It does a bit more than I've
> described here but that's its main job.
>
> Personally I prefer not to use the distro-specific versions of things
> like ClamAV, partly because the distro maintainers almost invariably
> mess with things to comply with "policies" and partly because they're
> often not quite as up to date as you'd like in something like a virus
> scanner. ClamAV isn't so very difficult to install from source, and
> you'll learn a lot about it in the process. OTOH on security grounds
> you might not want for there to be a compiler available on the box - I
> would certainly not want one on a firewall for example.
>
> > This may be a silly question to ask here... but is there any other
> > decent anti-virus software that does not take up as many resources?
>
> If you want open source, I don't think there's anything else. There
> are commercial packages. I don't know how they compare for resource
> usage as I have no experience of any of them. See e.g.
>
> https://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Linux
>
> A very few claim to be free, but you will still need a (proprietary)
> licence and probably have to accept some terms before you even get a
> copy of the package.
>
> > I am currently running my box in DO, and it looks like the next step
> > up for RAM is 4GB.
>
> DO == Digital Ocean? AS14061 is in my block list. :)
>
> --
>
> 73,
> Ged.
>
> [*] Don't run any network-listening daemons that you don't have to,
> don't accept any connections you don't have to, and don't accept any
> connections from China and a bunch of other places with, er, history.
> Use common sense browsing habits - like using advertising and script
> blockers, not visiting porn sites etc. Of course keep the security
> patches up to date, don't let things run as root if they don't have
> to, don't run anything you don't have good reason to trust, use good
> passwords and don't give them away. Any number of places on the net
> can probably add a few items to that short list. This approach is a
> lot less likely to fail because of a zero-day vulnerability which the
> virus scanners haven't yet caught up with. Postfix itself will need
> to listen to the network so make sure if it is compromised by a zero-
> day vulnerability the user which runs Postfix can't do anything bad to
> the box (the same theory applies to clamd and any milters) without at
> least exploiting _another_ vulnerability to get elevated privileges.
> If you've done your homework well and kept on top of things there most
> probably won't be one. Unluckily if you're using a provider to supply
> the machine itself it's most likely virtual, meaning a vulnerability
> in the VM could be used to exploit not only _your_ VM, but very likely
> thousands of others as well. In that case, expect not to recover it.
> You'll want to know that you have backups you can rely on; to me that
> means it's in my office, not in some cloud in nobody-knows-where, and
> I made it last night.
>
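The clamd/milter split described in the quoted reply, as an added example that is not part of the original thread and not ClamAV's own code: a minimal milter-style client that hands a message to clamd with the INSTREAM command and turns the verdict into advice for the MTA. The socket path, chunk size and the `mta_action` policy are assumptions.

```python
import socket
import struct

CHUNK = 8192  # constructed chunk size for this example


def frame_instream(message: bytes, chunk: int = CHUNK) -> bytes:
    """zINSTREAM, NUL, then 4-byte big-endian length + data chunks, then a zero-length chunk."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(message), chunk):
        part = message[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(reply: bytes):
    """Turn clamd's reply line into (status, signature_or_detail)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", None
    return "error", text  # e.g. "INSTREAM size limit exceeded. ERROR"


def mta_action(status: str) -> str:
    """Hypothetical policy: what the milter advises the MTA to do."""
    # Fail closed: if clamd errors or is unreachable, defer the mail
    # (SMTP 4xx) instead of delivering it unscanned.
    return {"clean": "accept", "infected": "reject"}.get(status, "tempfail")


def scan(message: bytes, sock_path: str = "/run/clamav/clamd.sock") -> str:
    """Scan one message via a local clamd socket (path is an assumption)."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(30)
            s.connect(sock_path)
            s.sendall(frame_instream(message))
            reply = b""
            while not reply.endswith(b"\0"):
                data = s.recv(4096)
                if not data:
                    break
                reply += data
    except OSError:
        return mta_action("error")
    return mta_action(parse_reply(reply)[0])
```

Running the client as its own unprivileged user with access only to the clamd socket keeps it in line with the least-privilege advice in the footnote above.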