+1 to add Clamav. It's free!

I would also like to see ClamAV within Plesk for the reason that it's a free subscription.
However what is really required is a spam quarantine system. When spam is received it should be held on the Plesk server (rather than being tagged and forwarded on) and the quarantine system should send a daily summary email of all spam/virus received. This email should contain individual links so that the end user could then click a link to have any single spam email delivered to them if they so require. Any spam that has not been delivered would then be deleted from the server after x days.
I am currently locked in an argument with my employees saying we should use the plesk spam/virus scanning system but they say it is not sufficient and we should instead be looking at something like barracuda or GFI. If the system as I have described was integrated into plesk then there would be no reason not to use plesk.
The current system of tagging emails is okay BUT it involves having to set up outlook rules on every single client PC to filter out the mail, and all the spam mail is still forwarded to the on-site exchagne server. using the system above the spam email would go no further than the plesk server unless specifically requested.
Thanks for listening! :)

+1 would love to have ClamAV in Plesk management.

Clam allows blocking by attachment type, even if the attachment is inside a ZIP file

I've tried the Plesk anti-virus and anti-spam programs, I found they didn't really tell you, or do anything at all. WAF = Modsecurity is pretty good have that enabled with subscription. But you still need more in my opinion. Being able to Implement ClamAV FTP, HTTPD realtime scanning and Amavisd-New for antispam and email antivirus in Plesk with not having to do it manually. would be a great thing for a lot of people that don't know much about plesk and with a low budget.

https://admin-ahead.com/products/plesk-plugins/ has plugins for Plesk ClamAV, but for email you'll have to manually setup Amavisd-New. Which you can use ClamAV and hundreds of other email antivirus scanners with Amavisd-New.

@Anon: very good points, much appreciated!

Several reasons for the inclusion of ClamAV (which are important for my company):
1. We already have an infrastructure service with the central repository signatures ClamAV. If Plesk will maintain ClamAV out of the box, we can simply plug it into our infrastructure
2. ClamAV is free and is open source
3. In the event of a plurality of false-positives hosting provider will be able to remove poor-quality signature itself and will not bother its users erroneous notifications
4. We have scripts to scan files using ClamAV, that uploaded via ftp, and subsequent notification for users (at the end of the session ftp).

MORE INPUT REQUIRED? I don´t think so.

Plesk really offers 2 High-Quality antivirus, for some bucks $$$. We want 3 high quality antivirus, so, one of them is FREE (Clamav), then we can choose to pay for Karpesky, Dr Webb or stay with free Clamav.

This is the point.

+1 Mislav.eu
Very well said, agree 100%.
On a somewhat different note I stumbled across Admin-Ahead Realtime File Upload Scanner 1.0 in the extentions catalog. Apparently they've already taken the time to integrate ClamAV into plesk without any extra setup. They just seem to think it reasonable to charge $4 for something that should be free.

@BC (small business owner)
As a small business owner you should know the importance of time management. It takes time and resources to include new software into plesk. This isn't something they can say "Yep it's free, so it's included" Their devs have to not only include the new package but setup the GUI to work with it as well. Plesk (or any admin panel) has certain code that must be added to for every new piece of software included. As Mislav stated, it's much easier for us as system admins to add it manually to our local servers than it is for the Plesk team to add it globally. Justify your responses with reasons what features make ClamAV is better than what is offered as they've requested.

The main problem of society today is they want everything as final product without any manual work.

Whatever you will say, in every company there must be a system administrator to take care of things like this. I never payed a penny to plesk for some other products, only the licence and I never had problems with stuff like this (I did, before I learned how to do this) - and I'm using plesk since version 9.

People are paying for jugger firewall, kaspersky antivirus and other solutions provided, which are, don't get me wrong, just fine and they're working, but you can setup everything on your own.

I setup-ed fail2ban on all of our servers even before plesk announced changes coming in plesk 12 and it was working, even apf firewall solution with IP banning (it's still on forums). People were complaining about incremental backups for years - I've also made a script for that - so it is possible - this one is also on forums.

Why paying for some spam solution if you can integrate both clamav/amavis into postfix and that is working just fine in REAL TIME? You can also put addition rules to block different hosts, rules and you can even use different RBL there. How do you think people used different PHP versions under plesk before version 12 and option to just add new version in handler list? Manual way, yes, nothing automatically. In addition to that, clamav can scan command line, right? So you can even setup cronjob to scan emails ONLY (not vhosts) and move infected files to some quarantine folder.

In the end it all comes to this:
- I didn't come here to tell everyone how cool or uncool I am
- I came here to tell sys admins outside there to learn and do your job, otherwise switch to windows platform and do the clicky stuff there or change job
- if you're small company and don't have budget, do it my way and you will learn from this manual setups 500% more then all others, because this is what it takes to be a linux sys administrator (you can always automate things later)
- if you're lazy and have money - purchase the product and hope everything is fine (in the end, you don't know how this work)
- if you're lazy and don't have money - change the job, don't complain

Yes, I gave 3 votes in the end, because, although it is free, it's very powerful tool as already mentioned and if something is free it doesn't essentially means it's worse product/solution then payed option (also widely used, documented, etc.)

I know it takes time to implement, but just like fail2ban was integrated, clamav should be as well.

I forgot even what to type more, I want voice recorder here so I can just talk and afterwards I just post new comment.

@Sergey & Jake Why isn't the fact thats its a free AV not a good argument. If thats not an argument u could ask thousands of dollars for one single plesk licence or an antivirus module. We got a bussiness to run. Mine is small, so i need to keep the costs low, to make some profit.

Not only is ClamAv free, its fast, reliable, its widely used, well documentated, known and used by a huge group. Due that de current AV is IMO pretty expensive compared to my monthly costs of a full managementpanel: plesk (im a very small businessuser). Cause of this reason, me and many others with me use ClamAv. Integration with Plesk would save this big group of customers a lot of time. I think cause of this reason its in te top 10 of features requests. Besides, other panels have it, why shouldn't plesk have it?

@Jake

Thanks! Very good points

Even though ClamAV is free it still requires time and effort for the Plesk team to incorporate it into their panel. The argument that it's free so add it could be applied to about 1000 different things. If you want them to add it then you need to add constructive comments to the post.

I think ClamAV should be added for the reason that it's free.

FTP users are human and fallible even if they can be 100% trusted not to upload malicious content on purpose it can happen by mistake. Also we allow file transfers through our Teamspeak 3 server and I don't think mod_security would scan those files. We don't want to be known for redistributing comprised content.
I've personally never had any load issues with ClamAV but have reached out to a couple others I work with to ask about their experiences. ClamAV supports live scanning of mail, and ftp traffic (via mod_clamav which can be configured to listen on multiple sockets or ports) which would create no noticeable load on most systems HTTP uploads are also supported. Of course full system scans should be run regularly but can be configured to be run in small batches on specific directories one after another rather than the whole system at once.

Lloyd Day commented · May 03, 2015 12:04
Just make sure to configure freshclam to run with cron rather than daemon as that's the real resource hog.
Running freshclam via cron every hour uses next to none from what I have seen on my servers.

@Jake,

Well, your FTP users indeed can upload trojans or malicious code embedded in PDF files and images. But it cannot harm your server security, it will harm their site visitors, who will download those files. So I wonder how is your server impacted with these uploads?

From server security standpoint, server admin shall probably be much more concerned for malicious HTTP uploads (not FTP), which are performed normally via a vulnerability in a hosted site and potentially can take over that site in a hidden manner or can take over a server (only in a combination with some other vulnerability, of course). mod_security shall be good solution against that, when accompanied by quality ruleset (such as the one from AtomicCorp). I don't fully understand how ClamAV is efficient here, given that it is very far from 100% efficiency and regular complete scans would likely cause huge load on a server.

We observed a number of complains on high load from antiviruses scanning servers, but we have no positive data on their efficience. What is your experience about ClamAV file scan?

@Sergey L

Uplaods may contain any number of threats from viruses and trojans to malicious code embedded in images or PDFs. That the ability to scan for these threats is currently missing from plesk has us considering a move back to cPanel.

@Jake

How scan of ftp uploads would improve your server security?

Not only is clamAV free but it has the ability to scan ftp uploads as well, not just emails. This is a huge oversight in plesk server security. Especially with the statement "Plesk is the most effective, flexible and secure web control panel for professional hosting providers and webmasters..." On your homepage.

It's free !! :D