PVE with antivirus
- Thread starter NPK
- Start date
It cannot affect the license as that is AGPL3 
. Maybe use a (free) support ticket (or an email) to ask the Proxmox sales office directly to tell you if your specific antivirus software impacts the support contract? I don't think the volunteers (which includes the technical Proxmox staff) on this forum can give you a definitive answer for any software in particular.
. Maybe use a (free) support ticket (or an email) to ask the Proxmox sales office directly to tell you if your specific antivirus software impacts the support contract? I don't think the volunteers (which includes the technical Proxmox staff) on this forum can give you a definitive answer for any software in particular.
Last edited:
My question would be, why would you need an antivirus on a host ? I understand having antivirus inside a VM.
In my opinion, you're asking the wrong question. Instead of asking whether antivirus software could cause problems on the host, you should first ask whether it is needed there at all. Only if you come to the conclusion that it is needed your original question would become relevant.
Personally, I see no reason to run antivirus software on the host system, why would you? Antivirus is primarily intended to scan user data, and user data has no place on a virtualization host. As long as you only use software provided by the official repositories (Debian and Proxmox) and don’t install anything sketchy, you simply don’t need an antivirus scanner on the host.
Last edited:
In order to answer this question seriously, we would need to know exactly which antivirus product OP intends to install.
@NPK If you're talking about a classic AV scanner like ClamAV:
I’d consider that mostly useless on a virtualization host, because normally you wouldn’t upload random files to the host itself. And if you do upload untrusted files to the host, then you’re already in unsupported territory, and the activities that lead you to believe you need antivirus on the host are probably the much bigger issue.
If by “antivirus” you actually mean general security hardening or third-party security tools, they'd likely need to know which specific software you’re referring to. In that case, it would probably be best to open a support ticket and ask the Proxmox team directly whether they support the tool you want to use — or consider proper security consulting for Proxmox and Linux in general.
Long story short: Your question is too vague to answer with a simple “yes” or “no.” And if I had to guess, I’d say this is more about checking some compliance boxes for management than about actual security.
@NPK If you're talking about a classic AV scanner like ClamAV:
I’d consider that mostly useless on a virtualization host, because normally you wouldn’t upload random files to the host itself. And if you do upload untrusted files to the host, then you’re already in unsupported territory, and the activities that lead you to believe you need antivirus on the host are probably the much bigger issue.
If by “antivirus” you actually mean general security hardening or third-party security tools, they'd likely need to know which specific software you’re referring to. In that case, it would probably be best to open a support ticket and ask the Proxmox team directly whether they support the tool you want to use — or consider proper security consulting for Proxmox and Linux in general.
Long story short: Your question is too vague to answer with a simple “yes” or “no.” And if I had to guess, I’d say this is more about checking some compliance boxes for management than about actual security.
Last edited:
I am not convinced of the supreme benefit of adding an antivirus to a hypervisor; it is really more a question of ticking a box, yes.
It can be F-Secure, ClamAV, or another one. I haven't seen any official statement from Proxmox on this subject, that's why I'm asking here - and I don't have active subscription support at this time.
I can't imagine ClamAV being a problem for Proxmox or their support, as it is a standard Debian package. Best to contact Proxmox office or sales directly for official answers to your questionnaire: https://proxmox.com/en/about/contact
I'm with you.
But the argument is weak: there are 64000 packages in Trixie - probably not all of them are harmless for PVE...
;-)
Linux is an inferior antivirus platform. If you want to run your antivirus really well, the best bet is to install Windows.
Saying what?
I have no idea what that means, an anti virus is only applicable to its host operating system especially if monitoring RAM. a windows av is of no purpose if you're running PVE and vice versa- there is no such thing as "antivirus platform"
Windows is a largest virus platform. Therefore it is also the largest anti-virus platform. Even Linux anti-virus products mostly check for Windows viruses. Which makes sense if you're serving files to Windows users. On a Linux-based hypervisor it is just useless overhead.
Yes, I am aware that certain standards like the US Government's STIG's, require anti-virus on Linux servers regardless of function. Doesn't make it any less dumb, just easier for non-technical people to verify.
The question whether this is supported can only be answered by Proxmox Server Solutions GmbH. Another question is whether running Antivirus on PVE is a good idea. Imho it's not since the usual "managed enterprise endpoint security" XDR-Software by Clownstrike,PaloAltoNetworks Cortex or Sentinelone are all big performance reducers. I'm aware that this won't help you in dealing woth security/compilance theater managers. Maybe installing ClamAV and doing a scheduled scan from time to time will satisfy them (although it won't do much for real security, but this is also true for XDR-Software), but with that you won't have the nice statistiscs and dashboards managers love in their "enterprise-grade" theater software.
Since I also need to deal with such requirements (thus we have such a Performance eater on all of our Linux VMS at work ): ) I think it would be good idea to cover that subject in the documentation of ProxmoxVE. Thus I filed a bug on it:
https://bugzilla.proxmox.com/show_bug.cgi?id=7035
I filed it under "common" since this issue is basically the same for all Proxmox products and we already have an report of an antivirus software wreaking havoc on PBS backups: https://forum.proxmox.com/threads/ransomware-alert-on-proxmox-backup-server-3-4-1.169240/
Since I also need to deal with such requirements (thus we have such a Performance eater on all of our Linux VMS at work ): ) I think it would be good idea to cover that subject in the documentation of ProxmoxVE. Thus I filed a bug on it:
https://bugzilla.proxmox.com/show_bug.cgi?id=7035
I filed it under "common" since this issue is basically the same for all Proxmox products and we already have an report of an antivirus software wreaking havoc on PBS backups: https://forum.proxmox.com/threads/ransomware-alert-on-proxmox-backup-server-3-4-1.169240/
Last edited:
If you're asking to add AV into the scope of PVE, say so. if you're not, what possible reason would the devs have to even have a position? like you pointed out, its just Debian- if you can run it on debian you can run it on PVE.
Anything monitoring memory in real time is going to have a significant impact on performance. no way around that. just understand and prepare for that if your use case requires that level of intrusion. it may also have unintended consequences.
I dont monitor in memory for the above reason. instead I have strict adherence rules to Lynis and an active IPS/IDS. more then one way to skin a cat.
@Johannes S was not the one asking this question.
You don't need antivirus software on a virtualization host at all. Unless you grant the trainees, the receptionist, and the CEO root access to your production hosts. ;-)
Seriously. Not even then. I mean, what is an antivirus scanner supposed to find on a Proxmox host?
Last edited: