3
Windows Defender and Clam AV
Question asked by jev.sapasap - 8/31/2021 at 8:10 AM
Unanswered
Hi, since windows defender and clam AV are both available.
What is the benefit of turning both on?
Clam AV is consuming lots of memory, can we turn this off and just use the built in Windows Defender.
Any thoughts?

12 Replies

Reply to Thread
1
Kyle Kerst Replied
Employee Post
Hello Jev! The best reason for running both would be false negative scenarios. If one of them doesn't catch it, the hope is that the other will. I hope this helps!
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Employee Replied
Employee Post
Jev,

To add to what Kyle said, you can turn Clam AV off and try using just Windows Defender. While we do suggest using both, it will be up to you, as the server admin, what best fits your needs. Keep in mind, that you can turn Clam AV back on if needed.
0
jev.sapasap Replied
Thank you Kyle/Emily

1
echoDreamz Replied
ClamAV protection though is sorta like using aluminum foil for a vest instead of Kevlar…
0
Sabatino Replied
Hello
I use
ClamAv
Windows Defender
 Cyren

With windows defender I had some problems but it seems related to the installation of the operating system (I have recently migrated to the new server and now it seems ok)

For clamAv I have made some corrections

In C: \ Program Files (x86) \ SmarterTools \ SmarterMail \ Service \ Clam \ etc

edit freshclam.conf and added downloads of
securiteinfo.hdb
securiteinfo.ign2
(see https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml).
I only added these two signatures, the others give me too many fakes.

also in clam.conf i added
PhishingScanURLs no

Otherwise it was giving me false positives

Now it seems that everything is working fine
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
0
ActorMike Replied
It would be nice to get some real-world responses here. My instincts tell me that Windows defender is sufficient and running clam likely has no benefits, however at the same time, contrary to the post above, clam only uses ~64MB of memory and our server has 32GB of RAM so obviously that is not impactful.

I'm tempted to remove it because there are also disadvantages to running unnecessary software, it's one more thing that can cause an issue down the road for unforseen reasons.


3
Kyle Kerst Replied
Employee Post
We recently implemented some changes to our antivirus setup in our production-test environments so that we can better gauge what Defender/Clam/etc are actually catching, so hope to have some details for you on this in the near future. 

With that being said, ClamAV has been found to be good at catching general threats, and so makes a good default/backup at the very least. Windows Defender is a pretty robust solution as well and is now integrated with our antivirus options in SmarterMail. 

Ultimately though, you can also implement your own third-party solution as well so long as it supports command-line based scanning operations. So, we recommend using a combination of approaches for best results.
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
Juan Lai Replied
Recently we found a lot of users not able to upload excel files. Finally we found if we disable Windows defender, everything will be ok. It's wired it's only block office files. Some of the files are directly generated by SQL SSRS. 
Anyone has the same issue?
0
ActorMike Replied
Windows defender crashed our server on an out-of-memory problem so we ended up turning it off. :-( Does anyone know if there are some exclusions we need to add to avoid this?

PS Server has 32GB Ram and still had 52% memory free at the time.
1
Kyle Kerst Replied
Employee Post
Hi Mike, you should have these exclusions in place. Please be sure to adjust the pathing to match your environment: 

Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
0
ActorMike Replied
@Kyle- I did this, but it was when the antivirus was disabled, perhaps it needed to be enabled and then the exclusions added? I will try again and see if that resolves.
0
Kyle Kerst Replied
Employee Post
You should be able to do this in any order, but that might be worth a shot. A good way to confirm if the exclusions are added properly is downloading Process Monitor from Microsoft (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) You can configure it with filters, so you can use something like this:

IF PATH CONTAINS C:\SMARTERMAIL\DOMAINS THEN INCLUDE
IF PROCESS NAME IS MAILSERVICE.EXE THEN EXCLUDE
IF PROCESS NAME IS CLAMD.EXE THEN EXCLUDE
ETC...

Just be sure to tailor the pathing here too so it matches where your data is kept. Once those filters are in place you should see only third-party file access to the domain/user files which can introduce file locking and lead to resource or corruption issues.  I hope that helps!
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com

Reply to Thread