Any way to use ClamAV on an Asus router running merlin?
But, why?
ClamAV is a scanning engine that uses a database and heuristics to detect an infection.
Are you looking for an Anti Virus Scanner, or Intrusion Prevention System?
I guess I’m not 100% sure. Which would I need/which would increase security?
It sounds like you’re looking for intrusion detection or prevention rather than antivirus.
Great list here https://github.com/sbilly/awesome-security#ids--ips--host-ids--host-ips
However it’s likely that these do not run on asuswrt-merlin out of the box and may require additional setup or hardware.
You may even be good enough by using the built in firewall on the router interface and making sure no ports are open/forwarded.
Yea I think intrusion detection is what I want. I’ll have a look at that page, but I may end up just going with pfsense one day.
If your goal is network security, you’d probably be best off deploying something like Security Onion.
After the basics like having a firewall, making sure you have the strongest wireless encryption your devices support (WPA3 probably, WPA2 if 3 isn’t supported), stuff like that.
Okay this seems neat. Would this be usable for a home network?
ClamAV is an anti-virus software that you would run on end-devices to scan files, an intrusion detection scans network traffic to detect anything potentially malicious. I don’t know your exact router model but I suspect it’s way too weak to run intrusion detection. If you have a switch that’s capable of mirroring you could use that to utilize a more powerful machine to scan network traffic.
Ah gotcha. Makes sense. Would something like WatchYourLAN or Pi.Alert be good?
It’s a good way to see if someone has cracked your WiFi password for example so why not. Doesn’t add much security but better than nothing.
What do you mean by “increase security”? Security isn’t a thing where you get +5 points for every antivirus you have installed - it’s about risks, and how you mitigate them. A perfect antivirus isn’t going to protect you if you have a crappy password on something you forgot about, or if you are running software with a serious security vulnerability.
