I am planning to use ClamAV to virus scan files being uploaded to a Web Application running on Ubuntu Servers.
ClamAV will be installed on a dedicated server and when the file is being uploaded, the bytes will be scanned using the clamMD daemon (using java sockets) and checked for virus. Most of my webapp users will be Windows based so I am expecting ALL possible windows based viruses.
My question is, has someone used ClamAV in production for such a use case/setup..?
I have heard that ClamAV being open source is slow when updating virus definitions related to Windows Virus and thus may allow some infected files to get through.
Or is it best to go with a commercial option? If yes, can someone suggest me possible reliable vendors who provide virus scan engines install-able on Linux and have used those vendors for the above set-up?
Best Answer
We use clamav as the standard scanner for linux. We update the signatures every hour and each clamav server polls the signature updates from a local installserver.
Since this is almost the last security line and we are in a well protected environment we never ever did see a real virus. But I have no doubt that clamav will do the job (we did some tests with EICAR).