“It is time for us to make a change. ClamAV is now mature software and we are confident that Sourcefire will successfully continue its development, move it forward and maintain the integrity of its infrastructure. Matt Watchinski, who has headed Sourcefire’s Vulnerability Research Team for 10 years, will continue to lead this project. Joel Esler, the company’s Open Source community manager, will also be your main point of contact and advocate.”
Bullshit. Last time I’ve tried to use “nautilus-clamscan” in Ubuntu 12.04 it was broken as shit. That’s far from being “mature”.
Nautilus-clamscan is not a ClamAV project, so its maturity is completely irrelevant to ClamAV’s maturity. Besides, ClamAV is mostly used on e-mail systems and my experience tells me it works great.
But I’m curious: what didn’t work in nautilus-clamscan?
After installing nautilus-clamscan and right clicking on a directory (or something else), it simply would not show the option to scan things.
Oh my…
So you didn’t even get to the point of using the program.
My experience with clamscan was when my windows installation quit working. Thinking it could have been a virus, I ran the scanner on the whole partition, from my working linux partition.
That was taking too long on my poor netbook, I ^C’ed it and just reinstalled windows.
It didn’t find anything in those two hours, but neither did a full MS Security Essentials scan. I guess it’s ok.
Edited 2012-06-20 01:29 UTC
That’s right, here are some bug reports for that issue:
https://bugs.launchpad.net/ubuntu/+source/nautilus-clamscan/+bug/360…
https://bugs.launchpad.net/nautilus-clamscan/+bug/601255
Edited 2012-06-20 02:21 UTC
So, you installed a Nautilus plugin, and the Nautilus plugin didn’t show the option for ClamAV, thus it’s the fault of the ClamAV developers that the Nautilus plugin failed to install correctly?
That’s some twisted logic you got going on there.
Agreed. I wouldn’t consider ClamAV a desktop A/V solution. However I have used it on my mail server for about 2 years now, and it works like a charm!
ClamAV always seemed like a nice idea to me. It’s relatively small, freely distributable, and the Linux version is supposed to have decent detection rates; it probably makes a nice addition to a system rescue toolset, especially since you can run it from SystemRescueCD or such… As opposed to needing a live CD from the antivirus vendor, which will probably be running kernel 2.6.18 and Xorg 6.8, and completely incapable of running with your video card or mobo chipset.
Also I like that it doesn’t try to be an on-access AV solution. (Because on-access AVs are a poor substitute for practical knowledge of your OS, never mind actual software security.)
OTOH I haven’t had the opportunity to put it to serious use yet. I’d be interested to hear how well it does detecting some of the nastier varieties of common malware – MBR rootkits for instance.
It works really well for email servers, lots of addition spam/scan detecting definition files available too.
For detecting virusses on desktop machines it is less useful.
The problem is it doesn’t have an automatic scan on file use function (like pretty much any commercial scanner) so people don’t use it on a daily basis.
Because people don’t use it on a daily basis, they don’t get as many virus submissions as the commercial products.
If an automatic virus scanner was created for clamwin (probably the best known open source project which produces a windows program based on clamav) then it could pick up pretty fast.
Now that in the last few years there are some commercial products which also have a free version I chance of clamwin geting a really large installed base is even slimmer.
An other reason why clamav on the desktop is less useful is because all desktop anti-virus software have become less useful.
New virusses variants are generated with automated tooling every couple of minutes and then the virusses are send over the Internet through email and all the other infection channels.
And most anti-virus software can’t really detect all these new variants. There are more variants created than the virus scanner companies can track let alone create definitions for.
The virus creators have found ways to create variants which the anti-virus software creators haven’t found a way to detect variants for. So each variants needs a seperate definition.
The anti-virus companies have lost the battle.
Maybe I should give an example, recently I found a virus and I uploaded it to http://virustotal.com/ and http://virscan.org/ pretty much no virusscanner recognized it.
Only some scanners which I had previously never heared of. All the big brands did not recognise it.
Edited 2012-06-20 10:02 UTC