Is it possible to use a 3rd party antivirus ?
-
On the mail server?
I found this
https://haraka.github.io/plugins/esets
Was wondering if it would be compatible to put on cloudron? -
@AartJansen I guess to scan attachments? I haven't tried the plugin yet but probably worth investigating. Currently, it's not possible to enable this on the mail server. I guess it needs esets also to be configured.
-
I haven't used the ESET for Linux mail server before, but assuming it's like the exchange version it offers a console to do attachment scanning and spam blocking with a much easier management interface than spam assassin. Which would be nice to handle end user mail issues with Small Business clients.
-
Genuinely curious how people scan their machines for malicious files. With many major recent WordPress vulnerabilities that were knowingly exploited, it’s made me think a bit more on how to monitor for such things. Of course there are tools within the WordPress ecosystem for example for monitoring things and I utilize these already to an extent, however, those are certainly not infallible so they’re usually best combined with a scanning tool at the server level as well from what I’ve been reading.
I was wondering if anybody is implemented something like this and what tools they might recommend. It seems like a popular one is ClamAV, but not sure how this may impact server performance (I guess I’ll just have to try). Any other recommendations that people can vouch for? I figured it doen’t even need to scan the whole server but just the boxdata folders for example which may help on minimizing any possible performance impact.
-
@d19dotca We have successfully used Cloudmersive's API. That being said, they dropped the ball on a bug we reported and we had to implement a workaround. But other than that, it has worked well for us. When users upload a file via browser, we quarantine the file and if it scans clean, we move it into a user's personal storage.
Multiple languages are supported with API libraries. We chose to integrate using cURL to reduce dependencies.
@girish I don't know whether a "listener" process could be attached to Cloudron folders when a file was added or updated and then virus scanned via API before allowing user access. But this could get expensive for servers processing lots of files/attachments as only 800 monthly scans are free.
