2

Q1: Does anyone know of some real-time, on-access protection antivirus software for linux, that is capable of fully utilizing multi-core processors of today?

I am having issues using KAV for Samba, as while it does its on-access scanning, files are being accessed by many clients and that creates a bottleneck on server, as it scans (almost) every file on open.

Another problem that I have with KAV is that it won't work with kernels newer than 2.6.26, which is a problem, since it won't work with new hardware (which requires new kernel versions).

Q2: Does anyone knows of on-access antivirus software for linux that works with newest kernels? A big plus is if one has used software with success.

If anyohe has an idea about solving one (or both) of these problems, please!

I have tried to configure samba-vscan wth ClamAV, but no luck there (some weird error during compiling of samba-vscan module).

By the way, server is being used as samba server, in a network of clients, running Debian-based distro (if it matters anyway).

Thanks!

mr.b
  • 583
  • 10
  • 25

1 Answers1

0

I did a little Google checking and ClamAV claims to support both multi-threaded and on-demand scanning. See here for the 0.96.1 release early-to-mid 2010. They offer help in a few ways that should hit your questions directly. This includes forums, a wiki, and even paid support. If this is an employer-directed action, ask them to buy some support so that you can make some progress.

I saw a hint that the Dag Wieers repository may have one prebuilt, but I'm having trouble browsing the repository either on his website or rpmforge.net.

By the way, kernel-based on-access scanning is still not merged the last time I checked. That said, we were able to get the newest Symantec Endpoint to run on some RedHat 5 boxes. I wasn't privy to the details as far as problems and such. I also don't know if there is a Debian distribution or if it is on-access scanning.

zerolagtime
  • 1,428
  • 9
  • 10
  • Were you satisfied with Symantec Endpoint, performance-wise? – mr.b Nov 08 '10 at 19:09
  • We don't hate it. We also don't let it run on our servers, just desktops. I don't know about it's performance server-side. Nothing noticeable on the desktop - it integrates nicely and stay out of my way. Mainly there for to be a checked box on our security checklist. – zerolagtime Nov 09 '10 at 04:19
  • ClamAV "supports" on-access scanning, using external, clamfs utility (you remount target directory structure as on-access scanned directory, courtesy of clamd). Marking it as an answer. – mr.b Nov 23 '10 at 02:51