Linked by Thom Holwerda on Tue 19th Jun 2012 22:38 UTC, submitted by Jean Turner
Privacy, Security, Encryption "It is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure. Matt Watchinski, who has headed Sourcefire's Vulnerability Research Team for 10 years, will continue to lead this project. Joel Esler, the company's Open Source community manager, will also be your main point of contact and advocate."
RE: A good idea, I suppose.
by Lennie on Wed 20th Jun 2012 09:57 UTC in reply to "A good idea, I suppose."

It works really well for email servers; lots of additional spam/scan detecting definition files are available too.

For detecting viruses on desktop machines it is less useful.

The problem is it doesn't have an automatic scan on file use function (like pretty much any commercial scanner) so people don't use it on a daily basis.

Because people don't use it on a daily basis, they don't get as many virus submissions as the commercial products.

If an automatic virus scanner was created for ClamWin (probably the best known open source project which produces a Windows program based on ClamAV) then it could pick up pretty fast.
Now that in the last few years there are some commercial products which also have a free version, the chance of ClamWin getting a really large installed base is even slimmer.

Another reason why ClamAV on the desktop is less useful is because all desktop anti-virus software has become less useful.

New virus variants are generated with automated tooling every couple of minutes and then the viruses are sent over the Internet through email and all the other infection channels.

And most anti-virus software can't really detect all these new variants. There are more variants created than the virus scanner companies can track, let alone create definitions for.

The virus creators have found ways to create variants which the anti-virus software creators haven't found a way to detect. So each variant needs a separate definition.

The anti-virus companies have lost the battle.

Maybe I should give an example: recently I found a virus and I uploaded it to http://virustotal.com/ and http://virscan.org/ and pretty much no virus scanner recognized it.

Only some scanners which I had previously never heard of. All the big brands did not recognise it.

Edited 2012-06-20 10:02 UTC

Score: 3