Effective virus scanners

Antony Stone Antony at SOFT-SOLUTIONS.CO.UK
Sun Aug 24 09:46:25 IST 2003


On Sunday 24 August 2003 3:57 am, Chris Mason wrote:

> From your experience how effective is the ClamAV virus database?

I think this deserves a more complete answer than I put in my last posting.

I've been using ClamAV for about 9 months now, and I would say it has become
as good as any other commercial A-V engine, and better than some.

The main judge of an A-V product (apart from whether it can detect viruses,
of course, which I'm taking as read in this discussion) is how quickly a new
virus has a signature available for it - simply because the virus you're most
likely to see coming in to your system is the latest one - that's how they
work.

That said, in recent weeks & months, ClamAV has kept up with the commercial
A-V vendors in releasing timely signatures for new viruses & worms, often
beating some of them on speed.

My opinion is that it's a pretty well-matched race - imagine all the A-V
vendors lined up on a starting grid, and they start running when a new virus
is seen in the wild. The order in which they finish is pretty mixed from
one race to another, and ClamAV can hold its own and keep up there with the
leaders.

One way to judge it is that I would expect the intervals at which you
download new signature files to be around the same as the difference between
the leading (including ClamAV) vendors releasing signatures for new viruses -
therefore there's as much of a random element inside your computer as there
is between the signature sources in terms of deciding which one gets a new
signature first.

That said, the ones who do not lead in a given race (which again from time to
time includes most of the well-known names), are sometimes incredibly slow to
produce a new signature - several days is not unknown to some members of this
list who have supplied samples to their commercial A-V vendors.

Hope this is useful for you.

Regards,


Antony.

--

Programming is a Dark Art, and it will always be. The programmer is
fighting against the two most destructive forces in the universe:
entropy and human stupidity. They're not things you can always
overcome with a "methodology" or on a schedule.
 - Damian Conway, Perl God


