From owner-freebsd-questions@FreeBSD.ORG Fri Jul 27 15:04:22 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E0BBE1065676 for ; Fri, 27 Jul 2012 15:04:22 +0000 (UTC) (envelope-from prvs=548d9a461=pschmehl_lists@tx.rr.com) Received: from ip-002.utdallas.edu (ip-002.utdallas.edu [129.110.20.108]) by mx1.freebsd.org (Postfix) with ESMTP id AF3BB8FC08 for ; Fri, 27 Jul 2012 15:04:22 +0000 (UTC) X-Group: None X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkIPADetElCBbgogOWdsb2JhbABFqgmPSwEBAQEXgnQBAQQBOAJECwsOOEMUBgESiAcGumqLUBqFemADiE2gBYFB X-IronPort-AV: E=Sophos;i="4.77,667,1336366800"; d="scan'208";a="97292197" Received: from zxtm01.utdallas.edu (HELO [129.110.200.11]) ([129.110.10.32]) by ip-002.utdallas.edu with ESMTP/TLS/DHE-RSA-AES256-SHA; 27 Jul 2012 10:02:30 -0500 Date: Fri, 27 Jul 2012 10:02:26 -0500 From: Paul Schmehl To: Daniel Bye , FreeBSD Questions Message-ID: <749F391EFB9AA6234EF1AFF4@localhost> In-Reply-To: <20120727104308.GA4834@catflap.slightlystrange.org> References: <20120727104308.GA4834@catflap.slightlystrange.org> X-Mailer: Mulberry/4.1.0a1 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline; size=944 Cc: Subject: Re: On-access AV scanning X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Paul Schmehl List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 15:04:23 -0000 --On July 27, 2012 11:43:08 AM +0100 Daniel Bye wrote: > Are there any current options available to support on-access antivirus > scanning on FreeBSD? > Clamav. I did some testing several years ago with ClamAV, Sophos and McAfee (scanning incoming mail), and ClamAV was comparable to McAfee in detection rates - over 98%. If you run the daemon you have on access scanning. Seems like that would satisfy the policy. It's in ports, so it should be easy to install and keep up to date. -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson "There are some ideas so wrong that only a very intelligent person could believe in them." George Orwell