Page 1 of 1

Which antivirus to use?

Posted: 2018-12-27 14:59
by nschoot
Hi,

I am long time HMailserver user and all this time I've been using ClamAV as my virus scanner. However, the amount of memory that ClamAV needs is getting rediculous. Right now it's jusing 575MB of RAM.

I'm also running ClamWin, which could also be used for mail scanning, however, it takes 10+ seconds to perform the ClamWin Test in the HmailServer Administrator tool, so I'm not going to enable this as an alternative.

There are only two other options:

1. Disable AV (which does not seem a gigantic risk, since the Virus detected counter generally does not show a lot of viruses detected
2. Find an "external" antivirus tool which performs well and probably is not open source.

What's your experience? Any advice?

Note that this is a VPS, so adding RAM is not that trivial (= more costly than an AV subscription)

Re: Which antivirus to use?

Posted: 2018-12-27 15:29
by jimimaseye

Re: Which antivirus to use?

Posted: 2018-12-28 00:56
by RvdH
jimimaseye wrote:
2018-12-27 15:29
viewtopic.php?f=21&t=26829
How should that help him? He likes to ditch Clam as you can read

@nschoot, the amount of RAM used by ClamAV is outrageous, i agree...but there are very few (working) alternatives
Some people tried Windows Defender/MSE, but in my experience this is'nt very reliable (false virus triggering when an attachment/file can't be read properly)

Re: Which antivirus to use?

Posted: 2018-12-28 01:41
by jimimaseye
RvdH wrote:
2018-12-28 00:56
jimimaseye wrote:
2018-12-27 15:29
viewtopic.php?f=21&t=26829
How should that help him? He likes to ditch Clam as you can read
Thats what comes with reading on a tiny phone screen and not seeing the total detail (i missed him referencing clamav already)

Re: Which antivirus to use?

Posted: 2018-12-31 14:29
by nschoot
Thanks for the replies. I am indeed using ClamAV as a service and ClamWin as "desktop protection".

Just thinking out loud a bit:

- I'm using ESET nod32 on other computers as desktop protection, but I'm not sure whether it would install on Windows Server. If it would it would be worth figuring whether it could work as an e-mail scanner...
- Any idea to what extent "on access" scanning would also catch viruses embedded in e-mail? Probably not as the mails are stored in "raw" format on disk, including the encoded attachments... Right?

Re: Which antivirus to use?

Posted: 2019-01-01 02:42
by mattg
Read the 'incompatible software' here >> https://www.hmailserver.com/documentati ... quirements

That speaks about a specific component of NOD32, not all of NOD32

on access scanners are the real problem
You need to exclude the data directory.

How are you using ClamWIN?
Can you run this and post the detail please >> http://www.hmailserver.com/forum/viewto ... 20&t=30914

Re: Which antivirus to use?

Posted: 2019-01-01 16:00
by palinka
nschoot wrote:
2018-12-27 14:59
I'm also running ClamWin, which could also be used for mail scanning, however, it takes 10+ seconds to perform the ClamWin Test in the HmailServer Administrator tool, so I'm not going to enable this as an alternative.
That's a crazy long time. I can tell you that implementing Jimi's strategy of running clamwin/clamav as a service will bring the CPU overhead down substantially. Of course that won't solve your memory issues, but it's a good start.

viewtopic.php?f=21&t=26829

Re: Which antivirus to use?

Posted: 2019-01-02 02:15
by mattg
Depending on how the OP is using ClamWIN. If ClamWIN is used by the hmailserver builtin connector for ClamWIN, hmailserver will actually use MUCH more memory, as ClamWIN by itself is not multithreading.

That why the tutorial you mention was created. It creates a multi threading service from ClamWIN, like the way that ClamAV works on Linux.

Most scans on my system are 2-3 seconds. I connect to my Ubuntu server on my LAN. I also include Clam scans in my SpamAssassin set up.

Re: Which antivirus to use?

Posted: 2019-01-02 09:56
by jimimaseye
From reading the opening post it would seem the OP is using Clamav in the same way: Clamav for HMS email scanning and he has Clamwin as an option but doesnt use it. Effectively he has already converted to Clamd. His problem is that he doesnt like the amount of memory Clamd uses (and I concur that it sits around using 575MB of RAM. This is something that some users of Clamav argue is not acceptable compared to other products and he is looking for an alternative (eg, Avira free edition on my laptop is running at about 200MB).

Personally, being a server, one should expect to have a lot of RAM be required by running services and software and given the effectiveness of the Sane definitions its worth trying to adapt to it by installing more if necessary. (If he isnt using the Sane or Securiteinfo definitions then yes it really not worth the memory footprint).

Re: Which antivirus to use?

Posted: 2019-01-04 00:35
by nschoot
I appreciate all the ideas and suggestions ... But using ClamWin would only make sense when it would be without ClamAV... Because my main motivation to do this would be to get rid of the ClamAV memory usage (by getting rid of ClamAV). In the mean time I learnt that the time ClamWin is taking is to load the AV signatures. While doing this, the RAM usage increases to the size of ClamAV, so this is a dead end for me. (It's not even considering the problem that HMailserver would potentially fire up multiple instances when mail would be received in parallel).

So, back to the drawing board...

(btw, I totally missed that remark about Eset in the system requirements. Thanks for pointing that out. In the mean time I also found that Nod32 won't install on Windows Server, so it's a dead in multiple ways).

Re: Which antivirus to use?

Posted: 2019-01-04 00:55
by nschoot
Btw, thanks for the sanesecurity hint... I wasn't aware of those definitions. :shock: Now I obviously have no other choice to add those to ClamAV as well :cry: :lol: ... So my ClamAV memory usage is now 625MB...

Note that for normal operation, the available RAM kind of suffices. I just started noticing that my server didn't update anymore because of lack of RAM during the update process. I enabled a pagefile now - which is not ideal - but works for now.

Re: Which antivirus to use?

Posted: 2019-01-04 03:16
by insomniac2k2
Well at least you now have a working antivirus solution instead of just a memory hog. ClamAV alone is just bad! :)
nschoot wrote:
2019-01-04 00:55
Btw, thanks for the sanesecurity hint... I wasn't aware of those definitions. :shock: Now I obviously have no other choice to add those to ClamAV as well :cry: :lol: ... So my ClamAV memory usage is now 625MB...

Note that for normal operation, the available RAM kind of suffices. I just started noticing that my server didn't update anymore because of lack of RAM during the update process. I enabled a pagefile now - which is not ideal - but works for now.

Re: Which antivirus to use?

Posted: 2019-07-29 14:07
by agatha
ClamAV works quite good. And yes, it needs some RAM as it loads the signatures into the RAM. So it is fast, when Mails are scanned.

In my setting, it uses about 1,2 GB RAM. But so what? RAM is cheap and for little money you buy a lot of performance.

Re: Which antivirus to use?

Posted: 2019-08-02 15:56
by paultilley100
nschoot wrote:
2019-01-04 00:35


(In the mean time I also found that Nod32 won't install on Windows Server, so it's a dead in multiple ways).
Definately not dead.... just the wrong version. Im using ESET File Security (For MS Windows Server) on Server 2012.
Works great!

Re: Which antivirus to use?

Posted: 2019-11-12 11:24
by nschoot
agatha wrote:
2019-07-29 14:07
ClamAV works quite good. And yes, it needs some RAM as it loads the signatures into the RAM. So it is fast, when Mails are scanned.

In my setting, it uses about 1,2 GB RAM. But so what? RAM is cheap and for little money you buy a lot of performance.
It's not that cheap... with servers running as VPS-es nowadays... Every GB of RAM adds to the monthly bill. But besides that, it's also a bit of principle to me. It's a virus scanner for pete's sake, it's supposed to be a helper service running next to the main services. But instead it's almost (if not) the heaviest application that runs on this server. Back in the Exchange days, I was running 3 or 4 scanning engines and it wasn't that heavy.

I guess you get what you pay for...

Re: Which antivirus to use?

Posted: 2020-02-04 16:50
by agatha
Well, it is a question of the design. When the signatures are already loaded in the RAM, it is fast. Especially when lots of Mails have to be scanned.