Replies: 7 comments 5 replies
-
|
I personally haven't had any issues with ClamAV, but that might be because of my hardware. If it is off by default, then is it easy to enable it? These options will have to be clearly stated so that those who want extra security features can add it. |
Beta Was this translation helpful? Give feedback.
-
|
Should be pretty easy to enable: setting the env var to enabled + adding the container. If we'll go with the change, we'll share a tutorial for enabling the feature. |
Beta Was this translation helpful? Give feedback.
-
|
I would actually be in favor of leaving ClamAV on by default. Besides, it's not really that difficult to turn it off again. Maybe we could give the installation dialog an option to disable ClamAV. |
Beta Was this translation helpful? Give feedback.
-
|
I like the idea with the installation dialog option. |
Beta Was this translation helpful? Give feedback.
-
|
yeah me too we can give a clear installation dialog about it. |
Beta Was this translation helpful? Give feedback.
-
|
Unfortunately I don't have any insight knowledge about how much more security ClamAV provides to Appwrite. I can confirm though that it is very resource hungry and my instance of Appwrite had errors during startup on a machine which had just 1 GB of RAM. |
Beta Was this translation helpful? Give feedback.
-
|
ClamAV can use that 1GB all by itself, especially during any scanning periods. Might be worth documenting any suggested CPU/RAM requirements in a README somewhere. |
Beta Was this translation helpful? Give feedback.
-
|
I've used ClamAV many times while helping people clean up compromised Linux systems - from my experience, ClamAV is only as good as its malware databases. Does Appwrite include any third-party malware databases? (just an example). If ClamAV is kept in the stack, the default should be appropriately secure with little maintenance. It definitely adds value to production, but also adds a lot of time to the first-startup time of the Appwrite dev stack. I'd prefer it was a feature flag, disabled by default in dev, enabled in prod. |
Beta Was this translation helpful? Give feedback.
-
|
We use the internal DB and we have a background process updating the DB in a specific interval. |
Beta Was this translation helpful? Give feedback.
-
|
I agree with @TorstenDittmann, having a setup dialog would be an awesome idea, based on users choice ClamAV is disabled or enabled after installation is completed. Having it enabled is not a big issue, instead of having a tutorial to enable it, we can have a tutorial to disable it with an warning. |
Beta Was this translation helpful? Give feedback.
-
|
After a long internal debate and understanding ClamAV is the #1 cause for failed setups we have decided to switch the AV scanning feature to |
Beta Was this translation helpful? Give feedback.
-
|
This is the relevant PR: #1064 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
ClamAV scans for uploaded files is a super cool feature, but it consumes a lot of memory and sometimes a lot of CPU.
I think it can make life harder for people starting to use Appwrite, especially on resource limited environment. I would love to get community feedback regarding the possibility to have this feature turned off by default.
Beta Was this translation helpful? Give feedback.
All reactions