08-06-2010, 10:31 AM   #11 (permalink)
sky-knight (Untangle Ninja)

Those stats right there are one of the many reasons I love Untangle. Kaspersky + Clam + spyware module + ANY AV ENGINE on the desktop = darn near infection proof PCs.

I LOVE not doing AV removals.
__________________
Rob Sandling, BS:SWE, MCP
Intouch Technology
Phone: 480-272-9889
rob@intouchtechllc.com

UntangleAppliances.com
Phone: 866-794-8879
08-06-2010, 10:50 AM   #12 (permalink)
Big D (Master Untangler)

Supposedly their hotspot network is a separate network and different WAN IP entirely.

Yeah, the virus blocking works well. You just have to keep the UT server updated so the software engines for the AV are close to the latest build so they keep pulling down their definitions (looks at clamav). Think Kaspersky is more tolerant of an outdated AV engine but the latest works best.
__________________
The beatings shall continue until morale improves!
08-07-2010, 12:01 PM   #13 (permalink)
dell4242 (Untanglit)

Quote:
Originally Posted by Big D
> Here's a screenshot from one of our hardest hit sites with 49 days up
>
> Most is from email with tarpitting enabled (thank god they finally bought Commtouch). Government folks like porn and viagra apparently. It's crazy, they usually have about a 3 hour window to look at spam logs before having to go to the SSH logs, and during a high activity spam attack they may have 20 minutes' worth of logs.

It's interesting: based on the totals, it looks like the files that Kaspersky removed weren't scanned by Clam. So I'm guessing it does Kaspersky first, then Clam. I wonder what would happen if someone captured the SMTP traffic and then scanned it on racks with only Kaspersky or Clam enabled and then on a rack with both.

Last edited by dell4242; 08-07-2010 at 12:47 PM..
08-09-2010, 07:33 PM   #14 (permalink)
dell4242 (Untanglit)

Quote:
Originally Posted by dell4242
> It's interesting: based on the totals, it looks like the files that Kaspersky removed weren't scanned by Clam. So I'm guessing it does Kaspersky first, then Clam. I wonder what would happen if someone captured the SMTP traffic and then scanned it on racks with only Kaspersky or Clam enabled and then on a rack with both.

Scanning twice might also be interesting to find false positives and for definition improvements, i.e. submit the files to Clam and Kaspersky for further analysis... Or possibly a third superscanner back at Untangle for a definitive take one way or the other. Just thinking out loud.
08-09-2010, 10:11 PM   #15 (permalink)
sky-knight (Untangle Ninja)

As far as I'm aware, the scanning is done simultaneously, not sequentially... but I've never looked into the code to determine that.

The entire point of the virtual pipe-lining technology at the core of the UVM is to allow each rack module to act at the same time. It's why Untangle benefits so much from extra CPU cores. All of those processes all firing up all at the same time.

What the system really lacks is an engine to allow the modules to act together as a team. Currently they are a bunch of separate systems running on one system. Not a cohesive whole that reacts as one. That's why the reports are so scatterbrained.
08-10-2010, 03:28 PM   #16 (permalink)
dell4242 (Untanglit)

Quote:
Originally Posted by sky-knight
> As far as I'm aware, the scanning is done simultaneously, not sequentially... but I've never looked into the code to determine that.
>
> The entire point of the virtual pipe-lining technology at the core of the UVM is to allow each rack module to act at the same time. It's why Untangle benefits so much from extra CPU cores. All of those processes all firing up all at the same time.
>
> What the system really lacks is an engine to allow the modules to act together as a team. Currently they are a bunch of separate systems running on one system. Not a cohesive whole that reacts as one. That's why the reports are so scatterbrained.

Ah, interesting. Then that begs the question of why the number of files scanned is different. That's why I assumed they were sequential.
From the screenshot:
Kaspersky scanned: 3439340
Virus Blocker scanned: 3436079
What are these additional files? Does Kaspersky allow additional types of files to be scanned? Or is it faster at quarantining?
08-31-2010, 03:14 PM   #17 (permalink)
BrentNewland (Newbie)

We recently stopped using Kaspersky on our Untangle server. While the Untangle spyware module has scanned 825,000 pages since the last restart (90 days ago), the web filter module has scanned 475,000 pages, Clam has scanned 18,456, and Kaspersky was about the same as Clam. Clam hasn't blocked anything, and Kaspersky never did either.

I wish they had more options. I would pay for an Avira module.
08-31-2010, 04:07 PM   #18 (permalink)
dwasserman (Untangle Ninja)

Quote:
Originally Posted by BrentNewland
> We recently stopped using Kaspersky on our Untangle server. While the Untangle spyware module has scanned 825,000 pages since the last restart (90 days ago), the web filter module has scanned 475,000 pages, Clam has scanned 18,456, and Kaspersky was about the same as Clam. Clam hasn't blocked anything, and Kaspersky never did either.
>
> I wish they had more options. I would pay for an Avira module.

Either your users are too clean or something is misconfigured in your box.
The AV modules are so useful in all boxes I manage, especially with email.
__________________
The world is divided into 10 kinds of people, who know binary and those not
08-31-2010, 04:08 PM   #19 (permalink)
sky-knight (Untangle Ninja)

KAV really doesn't make sense to me unless it's in front of a mail server. All other installations I have got KAV because they bought the bundle that happened to have it. The value is in the bundle, not the module.
09-02-2010, 09:50 AM   #20 (permalink)
YeOldeStonecat (Untangle Ninja)

Quote:
Originally Posted by dwasserman
> Either your users are too clean or something is misconfigured in your box.
> The AV modules are so useful in all boxes I manage, especially with email.

Yeah, ours are working fine, 75 viruses blocked just yesterday.
At first I thought KAV wasn't doing much and Clam seemed to be bagging everything, but then on some days KAV is way ahead of Clam... they seem to alternate.