Bye Bye clamAV and thanks for the fish :D

I found an entry in the wiki that with the next core update clamAV and the squid extension will be removed from pakfire.
Will there be a replacement for this or does this just fall away without an alternative, so is a virus scanner no longer needed?

Since more that 95% of the traffic is encrypted and not scanable on the firewall it is not worth the afford because it gives only false security. Virus-scanners must installed on all endpoints in the network.


OK good to know that.
For the people who run an IPFire as an Raid1 NAS on the Internet connection with SMB and FTP over VPN, it would be an advantage to keep ClamAV. Here the data is not encrypted internally at HDD. Or switch to OpenMediaVault + IPFire but then are two devices.


Not judging others here, just my own opinion. IPFire is really NOT the right tool for a NAS nor a NAS should be a firewall. IPFire + OpenMediaVault is the way to go for both security and the files health.


You can judg, but you need to know whole story first.
I have many installations, IPFire as Access Point/OpenWRT was not my thing, IPFire as NAS at DMZ, IPFire as main Firewall, IPFire as Nameserver … And I have one IPFire NAS for guest, that is as my cloud, connected to router.


There was some confusion in the update that was made in the wiki on Clamav.

I have corrected this now.

It is not Clamav that will be removed from the IPFire addons but SquidClamav.

SquidClamav is a helper application to use Clamav to screen the traffic going through the Web Proxy. Of course SquidClamav can only screen http traffic and as the vast majority of traffic is now encrypted https then Squid Clamav has become redundant.

Clamav will still be available to use in IPFire as a standalone package and is kept up to date. It is currently on version 1.1.0 which is the current released version.

So if a mail server using the postfix addon has been set up in IPFire then clamav will still be able to be used to screen the mail. Clamav can also still be used to screen files in File Server systems that have been installed on IPFire.

Neither of the above are things that I would place on my Firewall system but they are available for people to use.
Note that using Clamav will utilise a lot of resources, especially memory so make sure you have enough memory to not starve your firewall functions.


I don’t think it is possible with a little group of core developers to a maintain a Linux distribution for many appearances ( internet gateway with firewall; NAS; DNS server; … ).

We should concentrade on the main purpose “IPFire is a dedicated firewall that can be installed in any network - from data center down to your home. It is secure, fast and very versatile.” ( cited from wiki ).

As this IPFire mainly works on IP traffic originating from end points ( hopefully encrypted, by HTTPS for example ).
Not being a man-in-the-middle device, a virus scanner like ClamAV is useless!


IPFire is hardend … It have every thing a person can wish, to have at an own NAS.
So why not use an seperate installation as an NAS??
Raid1 …
CalmAV …
Can block GeoIP …
Have IDS function …
Have IP block …
Great firewall …


I would go even further, even if IPFire had 10 X as much resources, it would be better to channel those to improve the firewall role above everything else. Specialization is based on choosing incompatible tradeoffs.


as i said, not judging. My statement was a generic one and I am well aware that the choices of a sysadmin are very nuanced and context-dependent.

Even the Unix philosophy of “Write programs that do one thing and do it well” has been violated numerous times, by people that knew what they were doing and have chosen not to be dogmatic and accept a number of tradeoffs and consequences of their choices.

A curiosity, how do you deal with the zones when you use IPFire as an hardened Linux Distro to operate inside your network?


Thank you for clarification!

:weary: :see_no_evil: I was so much expecting to see OSSEC or rottkithunter even a wazuh server. But but, 2013 no updates by CISCO in virus sigantures? Zones should be VLAN separated traffic. so that possible bully devices don’t mess with passive well cared devices :). I think that’s called a Layer 2 separation. Like a green a blue and a orange NICS can give us 3 isolation Vlans each VLAN supporting the number of IPs defined by the sbnetmask.
Please consider rkhunter or OSSEC as an option to the legacy clamav
Regards G70P



404 error :see_no_evil:, I did a git from rkhunter download page after downloading the git addon, but well it’s not integrated so it’s not monitored in the between cores of workloads in ipfire might some definition be not well instaled. well I’m not a programmer. but anyways … getting the best to the ecosystem in what I can help. Info status- Cleared Thanks
Regards. G70P

I was hoping you’d see this. I think it is why the rkhunter add-on was removed…


Well, this is marketing for success. This feature knowledge should be stressed out in site and as well in the news.
ok but anyways after setting up a raid and virtualize a qemu agent I’ll have to install ubuntu in order to deploy a whazu opensource security for server to check my endpoints SIEM. CISCO by anyways bought that wonderfull job that the author and the team was doing with clamav and left the only AV in the market for linuxes asside due to other marketing and money goals. I’m quite sure this opensource SIEM project included in ipfire would bring new clients and as well release coredevs from the malware segment hardwork leaving space for the top firewall.