Differences between version 10 and previous revision of ClamAV.
Newer page: | version 10 | Last edited on Thursday, June 3, 2004 7:52:10 am | by RuudSchramp |
Older page: | version 2 | Last edited on Wednesday, April 14, 2004 5:47:28 am | by AristotlePagaltzis |
@@ -1,11 +1,15 @@
[ClamAV | http://www.clamav.net/] is a [Free] ([GPL]) [Virus] scanner for [Linux], [Solaris], [*BSD], [AIX], [MacOSX], [Cygwin] B20 on multiple architectures such as [Intel], [Alpha], [SPARC], Cobalt MIPS boxes, [PowerPC] and [RISC] 6000. It started as a [C]-based reimplementation of of the abandoned [Java] !OpenAntiVirus. Signature updates are available in an open FileFormat.
[ClamAV] comes with a tool called __freshclam__ which updates the virus database automatically: it downloads the database from !http://database.clamav.net/ (a round robin record that tries to equally balance the traffic between [all the database mirrors | http://www.clamav.net/mirrors.html]) which is split into two files called __main.cvd__ and __daily.cvd__. __daily.cvd__ is updated frequently and occasionally is merged with __main.cvd__.
-Unfortunately
, at
the time
of this writing
, these
updates are provided far too slowly to adequately cope with the contemporary appearance rate of new mail worms, of which new mutations sometimes follow each other within hours. In the days
it takes for the [
ClamAV] signatures to be updated
, your systems will be unprotected. The better competitors manage to have updates available often within hours of
a new mutation's spotting -- of course
, these are commercial offerings and don
't have to rely on volunteers to sustain the infrastructure required from such
response times.
+In issue 8/2004 (April 5, 2004)
, the German computer magazine [c't | http://www.heise.de/ct/] published a comparative review
of a number of virus scanners
, in which they reported that [ClamAV]'s signature
updates are provided far too slowly to adequately cope with the contemporary appearance rate of new mail worms, of which new mutations sometimes follow each other within hours. On the other hand, a lot of people appear to have had experiences to the contrary.
+
In the same magazine
it is explained that
ClamAV doesn't include "Code emulation"
, a way to identify __PolyMorphicVirusses__.
+
+Anyway
, you can see [ClamAV]
's
response times by yourself at http://news.gmane.org/gmane.comp.security.virus.clamav.virusdb
+I suggest you check them out before you say [ClamAV] doesn't suit your needs. You could be surprised
.
[ClamAV] can be used by [ContentScanner]s to scan [Email]s on many [MTA]s. The [ClamAV] package includes one written by Nigel Horne for SendMail called __clamav-milter__. Another one is [smtp-vilter | http://www.etc.msys.ch/software/smtp-vilter/]. They both use the SendMail "milter" [API]. You can also use [ClamAV] to scan all [POP3] traffic with __pop3vscan__. See ClamAvPopVscan. In fact you can even use [ClamAV] to scan your incoming mail in Outlook: just get [ClamWin | http://clamwin.sf.net] and install the Outlook Plugin!
See also:
* ClamAvNotes
* [Third-party software with ClamAV support | http://www.clamav.net/3rdparty.html]
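
Review bot: In the added update-speed paragraph, the sentence "On the other hand, a lot of people appear to have had experiences to the contrary" is unsourced, while the claim it counters is attributed to c't issue 8/2004 with a date. Either support it with the gmane virusdb archive that the next added paragraph links, or drop it and let that link carry the point. The added "I suggest you check them out before you say [ClamAV] doesn't suit your needs. You could be surprised" is an unsigned first-person opinion in the page body; rewording it as a neutral pointer to the archive would read better. The revision also removes the statement that "your systems will be unprotected" in the window before signatures are updated; if that risk still applies when updates lag, keep a neutral version of it next to the c't attribution so readers see the operational consequence and not only the dispute about speed. Finally, the new WikiWord "PolyMorphicVirusses" is misspelled and will link to a page under that misspelled name.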