Linked by Thom Holwerda on Tue 19th Jun 2012 22:38 UTC, submitted by Jean Turner
Privacy, Security, Encryption "It is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure. Matt Watchinski, who has headed Sourcefire's Vulnerability Research Team for 10 years, will continue to lead this project. Joel Esler, the company's Open Source community manager, will also be your main point of contact and advocate."
Thread beginning with comment 522983
A good idea, I suppose.
by Gullible Jones on Wed 20th Jun 2012 04:05 UTC

ClamAV always seemed like a nice idea to me. It's relatively small, freely distributable, and the Linux version is supposed to have decent detection rates; it probably makes a nice addition to a system rescue toolset, especially since you can run it from SystemRescueCD or such... As opposed to needing a live CD from the antivirus vendor, which will probably be running kernel 2.6.18 and Xorg 6.8, and completely incapable of running with your video card or mobo chipset.

Also I like that it doesn't try to be an on-access AV solution. (Because on-access AVs are a poor substitute for practical knowledge of your OS, never mind actual software security.)

OTOH I haven't had the opportunity to put it to serious use yet. I'd be interested to hear how well it does detecting some of the nastier varieties of common malware - MBR rootkits for instance.

Reply Score: 3

RE: A good idea, I suppose.
by Lennie on Wed 20th Jun 2012 09:57 in reply to "A good idea, I suppose."

It works really well for email servers, lots of additional spam/scan detecting definition files available too.

For detecting viruses on desktop machines it is less useful.

The problem is it doesn't have an automatic scan on file use function (like pretty much any commercial scanner) so people don't use it on a daily basis.

Because people don't use it on a daily basis, they don't get as many virus submissions as the commercial products.

If an automatic virus scanner was created for clamwin (probably the best known open source project which produces a Windows program based on clamav) then it could pick up pretty fast.
Now that in the last few years there are some commercial products which also have a free version, the chance of clamwin getting a really large installed base is even slimmer.

Another reason why clamav on the desktop is less useful is because all desktop anti-virus software has become less useful.

New virus variants are generated with automated tooling every couple of minutes and then the viruses are sent over the Internet through email and all the other infection channels.

And most anti-virus software can't really detect all these new variants. There are more variants created than the virus scanner companies can track, let alone create definitions for.

The virus creators have found ways to create variants which the anti-virus software creators haven't found a way to detect variants for. So each variant needs a separate definition.

The anti-virus companies have lost the battle.

Maybe I should give an example, recently I found a virus and I uploaded it to and pretty much no virus scanner recognized it.

Only some scanners which I had previously never heard of. All the big brands did not recognise it.

Edited 2012-06-20 10:02 UTC

Reply Parent Score: 3