OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Klingon on November 20, 2017, 12:03:05 pm

Title: ClamAV Doubt
Post by: Klingon on November 20, 2017, 12:03:05 pm
Hi everyone,

I'm really a noob in the OPNsense world, and I have a question about ClamAV.

After installing OPNsense + configuring WAN - LAN, I installed the ClamAV plugin following the official guide -> https://docs.opnsense.org/manual/how-tos/clamav.html

Is that enough to make ClamAV work? I don't need any kind of proxy configured or something like that? How can I verify if ClamAV is really working (logs....)?

Thanks a lot for your help!!
Title: Re: ClamAV Doubt
Post by: mimugmail on November 20, 2017, 12:39:13 pm
https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html
Title: Re: ClamAV Doubt
Post by: xinnan on November 20, 2017, 12:52:34 pm
For ClamAV to work, all your traffic has to be intercepted by a proxy. Squid.
Basically, any traffic that will become a file on a host computer has to become a file in Squid cache first.
Then it gets scanned and if it's OK, sent on along to its ultimate destination.

It's nice, but it introduces LATENCY big time. I personally think that feature is best reserved for mail servers and file servers. AV works best at the endpoint on Windows machines, and Linux, Unix, POSIX, Mac, BSD etc. really do not need it.
Title: Re: ClamAV Doubt
Post by: Klingon on November 20, 2017, 01:20:44 pm
Thanks a lot!!!

It's just for home use.
I think I'll uninstall ClamAV, I don't want to use a proxy at home.

Thanks again!!!
Title: Re: ClamAV Doubt
Post by: xinnan on November 20, 2017, 01:25:17 pm
Smart move. Plus, think about this. Let's say you have 10 or 20 computers all sucking down lots of files.
1 little OPNsense scanning all those files is going to create a big processor load.

If the endpoints handle it, the processing load is distributed and you won't notice a performance hit. Plus, the scanners on the endpoints are typically better anyway.