ClamAV + Wazuh, powerful Anti-Virus protection for Linux

  • Published: 4 Jan 2025

Comments • 56

  • @Kevin-oj2uo
    @Kevin-oj2uo 1 month ago +32

    Please make more videos with Wazuh!! I love these security videos.

    • @christianlempa
      @christianlempa  1 month ago +5

      Good idea! Let's see what I can do with it ;)

  • @jacksoncremean1664
    @jacksoncremean1664 1 month ago +15

    On the topic of ClamAV's subpar detection, using ClamAV with fangfrisch is a must. It adds a bunch of 3rd party signatures to ClamAV that makes it comparable to commercial Antivirus solutions.

    • @RobertLaneTech
      @RobertLaneTech 1 month ago +2

      I was just setting up a Nextcloud instance with ClamAV, this will be super handy. I always thought ClamAV was a bit weak, but I've always figured better than nothing.

    • @christianlempa
      @christianlempa  1 month ago +1

      Thanks for the feedback @jacksoncremean1664, that's already on my list to review for next year :D. But it seems there's a bigger challenge to using it in Docker, so I'll have to look at this.

    • @RandomUserName92840
      @RandomUserName92840 1 month ago

      Any projects looking to do this as a unified package with an easy installer (maybe flatpak) now that ClamGTK is no more?

  • @loop-0-2
    @loop-0-2 1 month ago +14

    A small contribution to make more non-advertised videos about security possible

  • @mikigurevich4477
    @mikigurevich4477 1 month ago +2

    I've been labbing for years and only recently started applying my 20 years of experience (Sr. DevSecOps Engineering) to building my lab into the division of production (DMZ) and RnD (dev+test).
    This video was truly helpful to understand that FOSS can be used fully to protect my start-up-business-idea-in-home-lab equipment! Thank you for your videos and the work you put into making them; keep it up!

    • @danielrauer5864
      @danielrauer5864 1 month ago +2

      You have not understood in 20 years of professional experience what advantages FOSS brings with it? I am not an evangelist for FOSS, but in my 20 years of professional experience >90% of OSes, tools, and platforms were and are FOSS :)

    • @sanyika96
      @sanyika96 1 month ago

      If you're only now figuring this out after 20 years then please resign and never go back to work.

    • @christianlempa
      @christianlempa  1 month ago +1

      Don't be rude guys, everyone has to start somewhere, even experienced IT guys are beginners in fields they never touched on, don't forget that! ;)
      @mikigurevich4477 thank you so much for the kind words! I'm glad the videos helped you

  • @EduardoRodriguez-fu4ry
    @EduardoRodriguez-fu4ry 1 month ago +1

    Another informative video. Keep it up Christian!

  • @diegoarmendariz1259
    @diegoarmendariz1259 1 month ago

    Thanks for making these kinds of videos; as a cybersecurity student it helps me a lot!

  • @gerardocaceres7997
    @gerardocaceres7997 1 month ago

    Thanks for sharing! Would like to see more of this!!

  • @marceloantunes1193
    @marceloantunes1193 1 month ago

    Thank you!

    • @christianlempa
      @christianlempa  1 month ago

      Thank you so much for your support ❤️

  •  1 month ago +4

    What's the point when ClamAV misses about 80% of viruses compared to others?

    • @jacksoncremean1664
      @jacksoncremean1664 1 month ago

      Use fangfrisch with ClamAV for the better detection.

    • @christianlempa
      @christianlempa  1 month ago +2

      The point is to learn about the technology, how AV engines work and how to connect it to a SIEM

    • @alecfagan9753
      @alecfagan9753 1 month ago

      Compared to..? Paid solutions I assume?

  • @henryvanho7971
    @henryvanho7971 1 month ago

    Thanks Christian for sharing about ClamAV. After setting up ClamAV, I believe it is a bit lacking to demo a malware logging solution. ClamAV's logging format is not normal; there is no standardized format, which makes ingesting it into any SIEM platform difficult. Installation of ClamAV is also a pain to set up. There are over 8 libraries I had to set up on Redhat. After getting ClamAV and ClamDaemon installed and configured, you’ll need to schedule a cron to run scans. ClamAV daemon doesn’t monitor files automatically. Verbose logging is also lagging. ClamAV cannot send logs via a remote syslog server.

    • @christianlempa
      @christianlempa  1 month ago

      That's why you have to pay for a security platform if you want that to work out-of-the-box. With free and open-source tools you sometimes have to fiddle around ;)
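An added example, not part of this thread or of the ClamAV or Wazuh projects, illustrating the logging problem @henryvanho7971 describes above: a small Python normaliser that turns clamd.log / clamscan result lines into JSON events a SIEM can ingest. The sample log lines are constructed in the clamd LogTime layout, and the host name and event field names are my own choices.

```python
"""Normalise ClamAV (clamd.log / clamscan) result lines into JSON events for SIEM ingestion."""
import json
import re
from datetime import datetime

# clamd prefixes each line with a ctime timestamp and " -> " when LogTime is enabled;
# clamscan prints bare "<path>: <signature> FOUND" / "<path>: OK" lines. Both are handled.
_TS_PREFIX = re.compile(r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) -> (?P<msg>.*)$")
_FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
_CLEAN = re.compile(r"^(?P<path>.+): OK$")


def parse_line(line, host="lab-host"):
    """Return one structured event for a scan-result line, or None for other output
    (SelfCheck notices, database reload messages, scan summary lines)."""
    msg, ts = line.rstrip("\n"), None
    m = _TS_PREFIX.match(msg)
    if m:  # collapse ctime's padded day ("Jan  6") before parsing
        ts = datetime.strptime(re.sub(r"\s+", " ", m.group("ts")), "%a %b %d %H:%M:%S %Y").isoformat()
        msg = m.group("msg")
    event = {"source": "clamav", "host": host, "timestamp": ts}
    m = _FOUND.match(msg)
    if m:
        event.update(path=m.group("path"), status="infected", signature=m.group("sig"), severity="high")
        return event
    m = _CLEAN.match(msg)
    if m:
        event.update(path=m.group("path"), status="clean", signature=None, severity="info")
        return event
    return None


def normalize(lines, host="lab-host", include_clean=False):
    """Turn raw ClamAV output into JSON strings (one event per line); clean results are
    dropped by default so the SIEM only ingests detections."""
    out = []
    for line in lines:
        ev = parse_line(line, host)
        if ev and (include_clean or ev["status"] != "clean"):
            out.append(json.dumps(ev, sort_keys=True))
    return out


# Constructed sample in clamd.log layout (assumed format, not captured from a real system).
SAMPLE_LOG = [
    "Mon Jan  6 10:15:42 2025 -> SelfCheck: Database status OK.",
    "Mon Jan  6 10:16:03 2025 -> /srv/uploads/invoice.pdf: Win.Test.EICAR_HDB-1 FOUND",
    "Mon Jan  6 10:16:04 2025 -> /srv/uploads/readme.txt: OK",
    "/home/user/sample.bin: Eicar-Signature FOUND",
]

if __name__ == "__main__":
    for ev in normalize(SAMPLE_LOG, include_clean=True):
        print(ev)
```

Piping the JSON lines into a file that a Wazuh agent tails with a json log format gives the SIEM key/value fields instead of free text.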

  • @RandomUserName92840
    @RandomUserName92840 16 days ago

    Wazuh provides a pre-built virtual machine image in Open Virtual Appliance (OVA) format. It uses Amazon Linux 2 as the OS.
    It is my understanding that AL2 is basically forked Redhat, but I still feel uneasy running an Amazon-rolled OS. How crazy is this? Any thoughts?

  • @GrishTech
    @GrishTech 1 month ago +2

    Wazuh is actually really good. I would take sponsored videos that are good content.

  • @joshuaboley4135
    @joshuaboley4135 1 month ago +1

    Great video! I was already aware of clamav but had never taken it further than the command line. You’ve definitely piqued my interest in Wazuh; I’m curious to see what else we could do with it.

    • @christianlempa
      @christianlempa  1 month ago

      Awesome! Thank you so much for the feedback :)

  • @---tr9qg
    @---tr9qg 1 month ago

    It was 🔥🔥🔥.

  • @0zzy0zwood
    @0zzy0zwood 1 month ago

    @christianlempa do you have the config files anywhere, in a repo or something?
    Also my question is, is it possible to use ClamAV on a dedicated container/LXC/VM to scan a few systems or an entire dedicated network?
    Looking for such a solution for my Homelab.

    • @christianlempa
      @christianlempa  1 month ago

      Sure: github.com/ChristianLempa/boilerplates
      I'm still looking into clamav and containers, I think that's where I need more time researching it

  • @consecratedtech
    @consecratedtech 1 month ago

    Didn't clamAV have some big issue last year? Are they better now? Never heard anything after that report about them fixing anything

  • @ankashk
    @ankashk 9 days ago

    Does anyone know about Falco Security? It seems good though, and it's Docker based.

  • @-martintheengineer-7465
    @-martintheengineer-7465 1 month ago

    Hello Christian. It would be wonderful to get a solution for spam/AV scanning on WINDOWS 11. I mean, I have Outlook 2019 running on an IMAP mail gate of my DNS provider and I get spam that's not normal. How can I avoid this? Best regards, Martin

  • @GdncHfjbdkf
    @GdncHfjbdkf 1 month ago

    Has there been a mitigation on cups yet?

  • @santiago.bassett
    @santiago.bassett 23 days ago

    👏👏👏

  • @Bob-of-Zoid
    @Bob-of-Zoid 23 days ago

    First time I ever watched this channel, but I will bite myself in the butt (or try my best to) if Christian isn't German! Well, a good indicator he's more likely to know what he is talking about than not.
    On the topic of ClamAV: I think it's great 🤫 but it also still scares me, being so used to popups with update notifications, virus and malware warnings, only to tell you you may have a virus, get it wrong often, and have warnings for things it does a poor job at removing without breaking all sorts, or not removing anything at all, even when up to date... and to really do what they say they can do turns out to be mostly just giving you a clue, pretending it's doing you a favor, and you end up having to do most of the removal manually or risk it taking out stuff, and justifying its price by how well it prevents intrusion while annoying you more than anything else! I have had them from DOS, and all flavors of Windows, home, media pro, NT's and all, up to 7 before I nuked Windows, ditched everything Microsoft, even busted up all install media to have no fallback to pull me away from getting with the Linux program, and forced myself through Linux boot camp! Freakin' best computing decision I ever made!
    The scary part is that I never had even the slightest sign of a virus, nor any other malware, nor even the slightest peep ever from it, which is troubling, because it feels like it's not running at all, and could at least tell me like 4 times a year "Hey, I'm still here doing my thing, everything is A-OK, so nothing to worry about, see you in three months"! I don't even know if it has ever found an intrusion, or is so good at eliminating them there's no need to bother me with it!?!?!? 🧐🤔

  • @loop-0-2
    @loop-0-2 1 month ago +28

    It’s a shame this whole video is an ad. I’d love to watch an unsponsored video on how to secure my servers

    • @ghangj
      @ghangj 1 month ago +3

      ?

    • @christianlempa
      @christianlempa  1 month ago +8

      Sponsorships help me to get compensated for the countless hours of researching, planning and producing content that is free to watch for everybody. Without placements, it wouldn't be possible to make all these tutorials.

    • @loop-0-2
      @loop-0-2 1 month ago +6

      @@christianlempa Of course! That doesn’t change the fact that for the viewer, it’s hard to determine which things from this video you actually agree with, and which you’re paid to say. The word ‘advertisement’ on the screen isn’t very obvious, so I thought it good to point this out in the comments. If people want to watch an advertisement, that’s fine with me, but they should know about it.

    • @christianlempa
      @christianlempa  1 month ago +8

      @@loop-0-2 I never say anything just because I'm paid to. That's why you never see any advertisement for shady Temu products, or any crappy Homelab gear, because I decline these deals. All of it is authentic, but I'm getting paid to make videos about specific topics and tools like Wazuh in this case, but they didn't tell me what exactly I should cover or say.

    • @loop-0-2
      @loop-0-2 1 month ago +3

      @@christianlempa that’s great to hear, keep up the amazing work, thank you!

  • @canadianwildlifeservice8883
    @canadianwildlifeservice8883 1 month ago

    Too bad Avira stopped offering AV for Linux. If anything, just use TLS / HTTPS decrypt and scan using Avira through the Sophos Firewall

  • @LexUsamn
    @LexUsamn 1 month ago

    Is it possible to use this one in Proxmox?

    • @christianlempa
      @christianlempa  1 month ago

      I haven't tried it yet, but I think you can install the Wazuh agent and ClamAV on Proxmox as well