3
Windows Defender and Clam AV
Question asked by jev.sapasap - 8/31/2021 at 8:10 AM
Unanswered
Hi, since Windows Defender and Clam AV are both available,
what is the benefit of turning both on?
Clam AV is consuming lots of memory. Can we turn this off and just use the built-in Windows Defender?
Any thoughts?

12 Replies

1
Kyle Kerst Replied
Employee Post
Hello Jev! The best reason for running both would be false negative scenarios. If one of them doesn't catch it, the hope is that the other will. I hope this helps!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
1
Employee Replied
Employee Post
Jev,

To add to what Kyle said, you can turn Clam AV off and try using just Windows Defender. While we do suggest using both, it will be up to you, as the server admin, what best fits your needs. Keep in mind that you can turn Clam AV back on if needed.
0
jev.sapasap Replied
Thank you Kyle/Emily

1
echoDreamz Replied
ClamAV protection though is sorta like using aluminum foil for a vest instead of Kevlar…
0
Sabatino Replied
Hello,
I use:
ClamAV
Windows Defender
Cyren

With Windows Defender I had some problems, but they seem related to the installation of the operating system (I have recently migrated to the new server and now it seems OK).

For ClamAV I have made some corrections.

In C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc

I edited freshclam.conf and added downloads of
securiteinfo.hdb
securiteinfo.ign2
(see https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml).
I only added these two signatures, the others give me too many fakes.

Also, in clam.conf I added
PhishingScanURLs no

Otherwise it was giving me false positives.

Now it seems that everything is working fine.
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
0
ActorMike Replied
It would be nice to get some real-world responses here. My instincts tell me that Windows Defender is sufficient and running Clam likely has no benefits; however, at the same time, contrary to the post above, Clam only uses ~64MB of memory and our server has 32GB of RAM, so obviously that is not impactful.

I'm tempted to remove it because there are also disadvantages to running unnecessary software; it's one more thing that can cause an issue down the road for unforeseen reasons.


3
Kyle Kerst Replied
Employee Post
We recently implemented some changes to our antivirus setup in our production-test environments so that we can better gauge what Defender/Clam/etc are actually catching, so hope to have some details for you on this in the near future. 

With that being said, ClamAV has been found to be good at catching general threats, and so makes a good default/backup at the very least. Windows Defender is a pretty robust solution as well and is now integrated with our antivirus options in SmarterMail. 

Ultimately though, you can also implement your own third-party solution as well so long as it supports command-line based scanning operations. So, we recommend using a combination of approaches for best results.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Juan Lai Replied
Recently we found a lot of users not able to upload Excel files. Finally we found that if we disable Windows Defender, everything will be OK. It's weird that it only blocks Office files. Some of the files are directly generated by SQL SSRS.
Does anyone have the same issue?
0
ActorMike Replied
Windows Defender crashed our server on an out-of-memory problem so we ended up turning it off. :-( Does anyone know if there are some exclusions we need to add to avoid this?

PS: Server has 32GB RAM and still had 52% memory free at the time.
1
Kyle Kerst Replied
Employee Post
Hi Mike, you should have these exclusions in place. Please be sure to adjust the pathing to match your environment: 

Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
ActorMike Replied
@Kyle - I did this, but it was when the antivirus was disabled. Perhaps it needed to be enabled and then the exclusions added? I will try again and see if that resolves it.
0
Kyle Kerst Replied
Employee Post
You should be able to do this in any order, but that might be worth a shot. A good way to confirm if the exclusions are added properly is downloading Process Monitor from Microsoft (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon). You can configure it with filters, so you can use something like this:

IF PATH CONTAINS C:\SMARTERMAIL\DOMAINS THEN INCLUDE
IF PROCESS NAME IS MAILSERVICE.EXE THEN EXCLUDE
IF PROCESS NAME IS CLAMD.EXE THEN EXCLUDE
ETC...

Just be sure to tailor the pathing here too so it matches where your data is kept. Once those filters are in place you should see only third-party file access to the domain/user files which can introduce file locking and lead to resource or corruption issues. I hope that helps!
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
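
Added example, not part of the original thread and not SmarterTools code: the include/exclude logic of the Process Monitor filters above, applied to a CSV export of a capture so the remaining third-party access to the mail data is summarized per process. The sample rows are constructed, `backup.exe` is a hypothetical process name, and the column names assume Process Monitor's default CSV export layout.

```python
import csv
import io
from collections import Counter

# Assumptions: tailor both values to your environment, as the post advises.
DATA_PATH = r"C:\SmarterMail\Domains"
EXPECTED = {"mailservice.exe", "clamd.exe"}  # processes the filters exclude

# Constructed sample rows in the assumed default CSV export layout.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"8:10:01.10","MailService.exe","4120","WriteFile","C:\SmarterMail\Domains\example.com\Users\a\Mail\1.eml","SUCCESS",""
"8:10:01.12","clamd.exe","5012","ReadFile","C:\SmarterMail\Domains\example.com\Users\a\Mail\1.eml","SUCCESS",""
"8:10:01.15","MsMpEng.exe","2284","CreateFile","C:\SmarterMail\Domains\example.com\Users\a\Mail\1.eml","SUCCESS",""
"8:10:01.16","MsMpEng.exe","2284","ReadFile","C:\SmarterMail\Domains\example.com\Users\a\Mail\1.eml","SUCCESS",""
"8:10:01.20","MsMpEng.exe","2284","ReadFile","C:\Windows\Temp\x.tmp","SUCCESS",""
"8:10:02.00","backup.exe","7300","CreateFile","C:\SmarterMail\Domains\example.com\Users\b\Mail\2.eml","SHARING VIOLATION",""
'''


def third_party_access(csv_text, data_path=DATA_PATH, expected=EXPECTED):
    """Return {process name: Counter(operation -> count)} for every process
    other than the expected ones that touched files under data_path."""
    hits = {}
    needle = data_path.lower()
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = (row.get("Path") or "").lower()
        proc = row.get("Process Name") or ""
        if needle not in path:
            continue  # mirrors "Path contains ... then Include"
        if proc.lower() in expected:
            continue  # mirrors "Process Name is ... then Exclude"
        hits.setdefault(proc, Counter())[row.get("Operation") or ""] += 1
    return hits


if __name__ == "__main__":
    # MsMpEng.exe is the Windows Defender engine process; seeing it here
    # means the path exclusion is not taking effect for the mail data.
    for proc, ops in sorted(third_party_access(SAMPLE_CSV).items()):
        print(f"{proc}: {dict(ops)}")
```

For a real capture, read the exported file with `open(path, encoding="utf-8-sig").read()` and pass the text to `third_party_access`.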
