Hi. I'm just wondering what other people do about clamav, I have servers where it runs everyday but it seems like it just takes a long time, causes lots of load, and doesnt provide me much benefit. Everyday it reports a load of false positives, and very rarely finds an actual virus. These are centos web servers. I'm tempted to turn if off or just run it once a week?
ClamAV is fine for mail scanning, but I won't use it for full hard disk scans on a hosting system as it's results are too bad like you mentioned already.
It will be called up by the program which uses it, for example, maldet, clamscan, amivis etc. If the clamav daemon does not exist, they simply use the virus signatures. Don't worry. Just install everything and turn on the one you like.
agreed. Better uninstalling clamav or using clamscan or maldet. If you preserve freshclam you can limit the freshclam database updates to 1 time/day with the "Checks" parameter in /etc/clamav/freshclam.conf and limiting the scan to /var/vmail man: http://manpages.ubuntu.com/manpages/xenial/man5/freshclam.conf.5.html https://linux.die.net/man/1/clamscan