2

I am planning to use ClamAV to virus scan files being uploaded to a Web Application running on Ubuntu Servers.

ClamAV will be installed on a dedicated server, and when a file is being uploaded, the bytes will be scanned using the clamd daemon (using Java sockets) and checked for viruses. Most of my webapp users will be Windows-based, so I am expecting ALL possible Windows-based viruses.

My question is: has someone used ClamAV in production for such a use case/setup?

I have heard that ClamAV, being open source, is slow when updating virus definitions related to Windows viruses and thus may allow some infected files to get through.

Or is it best to go with a commercial option? If yes, can someone who has used them for the above setup suggest possible reliable vendors who provide virus scan engines installable on Linux?

user9517
lingostar
  • "What's the best X" / "Suggest a vendor for me" type questions are generally a poor fit for ServerFault -- Only *you* can evaluate your needs and decide what is best / who is best to provide the products/services... – voretaq7 Nov 23 '11 at 18:44

2 Answers

2

We use ClamAV as the standard scanner for Linux. We update the signatures every hour, and each ClamAV server polls the signature updates from a local install server.

Since this is almost the last security line and we are in a well-protected environment, we have never ever seen a real virus. But I have no doubt that ClamAV will do the job (we did some tests with EICAR).

Nils
  • Thanks for your input. But just to confirm, do you allow users to upload files to your application? Or do you use ClamAV to perform scanning of your Linux file system? – lingostar Nov 23 '11 at 16:26
  • Yes - we allow uploads (but only from logged-in users). Since the application has no direct support for AV scanners, we watch the tmp directory (with clamfs) where the uploaded files get temporarily stored. – Nils Nov 23 '11 at 19:23
  • Thanks for your pointers... and apologies for my late response. – lingostar Nov 30 '11 at 13:47
2

The technical feasibility of the setup put aside, you should abandon the thought that a virus scanner is going to bring you any kind of certainty of having malware-free data. Any virus scanner is only going to scan for the most visible and known malware patterns. Thus, a scanner can only be an "annoyance reducing facility", not a security measure.

That said, if you are interested in data about antivirus software detection rates, there are plenty of reviewers (especially PC magazines) writing on this topic. av-comparatives.org offers a number of different reports with data about how the scanners are performing in different situations.

the-wabbit