Hi there,

On Mon, 14 Sep 2020, bobby via clamav-users wrote:

> I plan to use it for email processing. I am using postfix currently. There are no other users besides myself, and it's only one domain.

What mail clients will there be? Any Windows boxes? To protect a Linux box against malware is relatively straightforward[*]. I use Linux more or less exclusively and I use ClamAV because I do a lot of spam processing, not because I feel the need for protection.

For mail scanning you'd normally run two daemons, 'clamd' which is the actual scanner and a 'milter'. The milter takes messages from the MTA and passes them to clamd for scanning, then advises the MTA of clamd's findings. That might explain your confusion about services but I know little about the way CentOS does things. ClamAV provides a milter, unsurprisingly called 'clamav-milter'. It does a bit more than I've described here but that's its main job.

Personally I prefer not to use the distro-specific versions of things like ClamAV, partly because the distro maintainers almost invariably mess with things to comply with "policies" and partly because they're often not quite as up to date as you'd like in something like a virus scanner. ClamAV isn't so very difficult to install from source, and you'll learn a lot about it in the process. OTOH on security grounds you might not want for there to be a compiler available on the box - I would certainly not want one on a firewall for example.

> This may be a silly question to ask here... but is there any other decent anti-virus software that does not take up as many resources?

If you want open source, I don't think there's anything else. There are commercial packages. I don't know how they compare for resource usage as I have no experience of any of them. See e.g.

https://en.wikipedia.org/wiki/Comparison_of_antivirus_software#Linux

A very few claim to be free, but you will still need a (proprietary) licence and probably have to accept some terms before you even get a copy of the package.

> I am currently running my box in DO, and it looks like the next step up for RAM is 4GB.

DO == Digital Ocean? AS14061 is in my block list. :)

--

73,
Ged.

[*] Don't run any network-listening daemons that you don't have to, don't accept any connections you don't have to, and don't accept any connections from China and a bunch of other places with, er, history. Use common sense browsing habits - like using advertising and script blockers, not visiting porn sites etc. Of course keep the security patches up to date, don't let things run as root if they don't have to, don't run anything you don't have good reason to trust, use good passwords and don't give them away. Any number of places on the net can probably add a few items to that short list.

This approach is a lot less likely to fail because of a zero-day vulnerability which the virus scanners haven't yet caught up with. Postfix itself will need to listen to the network so make sure if it is compromised by a zero-day vulnerability the user which runs Postfix can't do anything bad to the box (the same theory applies to clamd and any milters) without at least exploiting _another_ vulnerability to get elevated privileges. If you've done your homework well and kept on top of things there most probably won't be one.

Unluckily if you're using a provider to supply the machine itself it's most likely virtual, meaning a vulnerability in the VM could be used to exploit not only _your_ VM, but very likely thousands of others as well. In that case, expect not to recover it. You'll want to know that you have backups you can rely on; to me that means it's in my office, not in some cloud in nobody-knows-where, and I made it last night.
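
The milter-to-clamd hand-off described in the message above, sketched as an added example (not part of the original message and not ClamAV's own code): a minimal client that frames a message with clamd's INSTREAM command and interprets the verdict a milter would relay to the MTA. The socket path `/run/clamd.sock` and the sample message are assumptions; use the LocalSocket value from your clamd.conf.

```python
import socket
import struct

CHUNK = 4096  # bytes per chunk; the whole stream must fit clamd's StreamMaxLength

def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Wrap a message in clamd's INSTREAM framing."""
    out = [b"zINSTREAM\0"]  # 'z' prefix: NUL-terminated command and reply
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(reply: bytes):
    """Map clamd's reply to ('clean', None), ('infected', name) or ('error', text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, result = text.partition(": ")
    if result == "OK":
        return ("clean", None)
    if result.endswith(" FOUND"):
        return ("infected", result[:-len(" FOUND")])
    return ("error", result or text)  # caller must not treat an error as clean

def scan(message: bytes, sock_path: str = "/run/clamd.sock"):
    """Send one message to clamd over its local socket (path is an assumption)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(sock_path)
        s.sendall(frame_instream(message))
        reply = b""
        while not reply.endswith(b"\0"):
            buf = s.recv(4096)
            if not buf:
                break
            reply += buf
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed sample message, not real mail.
    sample = b"From: a@example.org\r\nTo: b@example.org\r\nSubject: test\r\n\r\nhello\r\n"
    print(scan(sample))
```

Run the client as an unprivileged user that has access to the clamd socket only, in line with the least-privilege advice in the footnote.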