Back to Community Threads
Windows Defender and Clam AV
Question asked by jev.sapasap - 8/31/2021 at 8:10 AM
Unanswered
Hi, since windows defender and clam AV are both available.
What is the benefit of turning both on?
Clam AV is consuming lots of memory, can we turn this off and just use the built in Windows Defender.
Any thoughts?
Kyle Kerst Replied
8/31/2021 at 11:46 AM
Employee Post
Hello Jev! The best reason for running both would be false negative scenarios. If one of them doesn't catch it, the hope is that the other will. I hope this helps!
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
Employee Replied
8/31/2021 at 11:54 AM
Employee Post
Jev,

To add to what Kyle said, you can turn Clam AV off and try using just Windows Defender. While we do suggest using both, it will be up to you, as the server admin, what best fits your needs. Keep in mind, that you can turn Clam AV back on if needed.
jev.sapasap Replied
9/3/2021 at 9:10 AM
Thank you Kyle/Emily
echoDreamz Replied
9/3/2021 at 6:29 PM
ClamAV protection though is sorta like using aluminum foil for a vest instead of Kevlar…
Sabatino Replied
9/6/2021 at 4:02 PM
Hello
I use
ClamAv
Windows Defender
 Cyren

With windows defender I had some problems but it seems related to the installation of the operating system (I have recently migrated to the new server and now it seems ok)

For clamAv I have made some corrections

In C: \ Program Files (x86) \ SmarterTools \ SmarterMail \ Service \ Clam \ etc

edit freshclam.conf and added downloads of
securiteinfo.hdb
securiteinfo.ign2
(see https://www.securiteinfo.com/services-cybersecurite/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml).
I only added these two signatures, the others give me too many fakes.

also in clam.conf i added
PhishingScanURLs no

Otherwise it was giving me false positives

Now it seems that everything is working fine
Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
ActorMike Replied
4/6/2022 at 5:09 AM
It would be nice to get some real-world responses here. My instincts tell me that Windows defender is sufficient and running clam likely has no benefits, however at the same time, contrary to the post above, clam only uses ~64MB of memory and our server has 32GB of RAM so obviously that is not impactful.

I'm tempted to remove it because there are also disadvantages to running unnecessary software, it's one more thing that can cause an issue down the road for unforseen reasons.
Kyle Kerst Replied
4/6/2022 at 7:04 AM
Employee Post
We recently implemented some changes to our antivirus setup in our production-test environments so that we can better gauge what Defender/Clam/etc are actually catching, so hope to have some details for you on this in the near future. 

With that being said, ClamAV has been found to be good at catching general threats, and so makes a good default/backup at the very least. Windows Defender is a pretty robust solution as well and is now integrated with our antivirus options in SmarterMail. 

Ultimately though, you can also implement your own third-party solution as well so long as it supports command-line based scanning operations. So, we recommend using a combination of approaches for best results.
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
Juan Lai Replied
4/6/2022 at 6:12 PM
Recently we found a lot of users not able to upload excel files. Finally we found if we disable Windows defender, everything will be ok. It's wired it's only block office files. Some of the files are directly generated by SQL SSRS. 
Anyone has the same issue?
ActorMike Replied
4/13/2022 at 5:36 AM
Windows defender crashed our server on an out-of-memory problem so we ended up turning it off. :-( Does anyone know if there are some exclusions we need to add to avoid this?

PS Server has 32GB Ram and still had 52% memory free at the time.
Kyle Kerst Replied
4/13/2022 at 7:44 AM
Employee Post
Hi Mike, you should have these exclusions in place. Please be sure to adjust the pathing to match your environment: 
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
ActorMike Replied
4/13/2022 at 8:09 AM
@Kyle- I did this, but it was when the antivirus was disabled, perhaps it needed to be enabled and then the exclusions added? I will try again and see if that resolves.
Kyle Kerst Replied
4/13/2022 at 9:13 AM
Employee Post
You should be able to do this in any order, but that might be worth a shot. A good way to confirm if the exclusions are added properly is downloading Process Monitor from Microsoft (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) You can configure it with filters, so you can use something like this:

IF PATH CONTAINS C:\SMARTERMAIL\DOMAINS THEN INCLUDE
IF PROCESS NAME IS MAILSERVICE.EXE THEN EXCLUDE
IF PROCESS NAME IS CLAMD.EXE THEN EXCLUDE
ETC...

Just be sure to tailor the pathing here too so it matches where your data is kept. Once those filters are in place you should see only third-party file access to the domain/user files which can introduce file locking and lead to resource or corruption issues.  I hope that helps!
Kyle Kerst Lead Internal Network/System Administrator SmarterTools Inc. smartertools.com
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Microsoft Defender Antivirus and Virus Scanner ExceptionsSmarterMail > Troubleshooting
Reducing ClamAV False PositivesSmarterMail > Troubleshooting
Remote Server returned: '602' errorSmarterMail > Troubleshooting
ClamAV 3310 Errors in Delivery LogsSmarterMail > Troubleshooting
Completely Uninstall SmarterMailSmarterMail > Server Configuration and Management