Best AV

Matt Kettler mkettler at EVI-INC.COM
Fri Oct 15 22:18:16 IST 2004


<x-flowed>
At 04:33 PM 10/15/2004, Brian Berglund wrote:
>What is the best virus scanning software to use with Mailscanner?
>I am going to try ClamAV, any other suggestions?

Changed the subject since this no longer has anything to do with "Transport
File"

"best" is a bit of a relative term.

Clam is certainly best price/performance. It works fairly well, is
constantly getting better, and costs nothing.

Sophos seems to have the best support and commercial signature generation,
but they are also one of the more expensive tools.

F-prot seems to be a decent low-priced commercial AV.

For real statistics, I use ClamAV and Command AV (repackaging of f-prot).
And here's some bits on how they stack up.

Note that ClamAV includes phish-mail signatures, so I have one set that
ignores those:

ClamAV: 2149                   That command missed: 304
ClamAV, minus Phishes: 2038    That command missed: 193 (9.47%)
Command: 1847                  That Clam missed: 2 (both HTML/ObjData at exp)

Important note of bias: Test data covers all viruses received here since
8/1. ClamAV gets updated much more frequently than Command does.

I used to update Command's signatures twice daily, but on 9/28 I shifted to
6 times a day. Clam gets updated hourly via mailscanner's scripts. Thus,
clam is still updated much more frequently than clam.

Only counting since 9/28:
ClamAV: 650                    That command missed: 192
ClamAV, minus Phishes: 538     That command missed: 80 (14.86%)
Command: 458                   That Clam missed: 0

From that it's hard to conclude more updates would help Command, but
command is effectively free for me since we have a site-license that
packages in the mailserver use.

Also Clam has been charging ahead and its code is greatly improved itself
over the past few months. I'm currently using ClamAV 0.80rc*. Command
hasn't released an updated package for the main engine for their Linux
version in a long while, only deffiles.

I also just noticed command released a new code version, I was on
csav-4.90.2, the newest available as of 9/1/2004 when I last checked.
However, they now have 4.92.1 up.. it's a shame it won't install on its
own. It claims it can't install on my i386 arch, because it was designed
for i?86... Nice eh? :)



(When I shifted to 6 updates a day, I also stopped using the inefficient
method of using rpm's ftp ability, and made a little wget-based script
which downloads the file only when it changes.)

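#!/bin/sh
# Fetch the Command AV definitions only when the server copy is newer (-N),
# then upgrade the installed package.
cd /usr/share/csav-update || exit 1
wget -nv -N http://user:password@download.commandsoftware.com/csav/deffiles/deflinux.rpm
rpm -U --quiet deflinux.rpm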

Quite handy

</x-flowed>
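A hardened variant of the update script in the message above, as an added example that is not part of the original post: it installs the definitions package only when it differs from the last installed copy and only after a signature check. The URL, the `.new`/`.rejected` file names, and the premise that the vendor signs the package and its key is in the rpm keyring are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Assumptions: the vendor signs deflinux.rpm, its public key has been imported
# into the rpm keyring, and DEF_URL (a placeholder) is reachable over HTTPS.

DEF_URL="${DEF_URL:-https://download.example.invalid/deflinux.rpm}"  # placeholder
WORKDIR="${WORKDIR:-/usr/share/csav-update}"

# Each step is its own function so a site can swap in its own tooling.
# Credentials go in root's ~/.netrc (mode 600), which wget reads, not in the URL.
fetch_pkg() { wget -nv -O "$1" "$DEF_URL"; }

# rpm -K also passes an unsigned package on digests alone, so require a
# signature token in its output (exact wording varies by rpm version).
verify_pkg() {
    out=$(rpm -K "$1" 2>&1) || return 1
    case "$out" in
        *"NOT OK"*)                  return 1 ;;
        *pgp*|*gpg*|*signatures*)    return 0 ;;
        *)                           return 1 ;;
    esac
}

install_pkg() { rpm -U --quiet "$1"; }

# Returns 0 = installed, 1 = unchanged, 2 = fetch/install failed, 3 = rejected.
update_defs() {
    cd "$WORKDIR" || return 2
    new="deflinux.rpm.new"; cur="deflinux.rpm"
    fetch_pkg "$new" || { rm -f "$new"; return 2; }
    # Identical to the last good install: nothing to do.
    if [ -f "$cur" ] && cmp -s "$new" "$cur"; then
        rm -f "$new"; return 1
    fi
    # Never hand an unverified package to rpm running as root.
    if ! verify_pkg "$new"; then
        mv -f "$new" "deflinux.rpm.rejected"   # keep it for inspection
        return 3
    fi
    install_pkg "$new" || return 2
    mv -f "$new" "$cur"                        # record what is now installed
    return 0
}

# Run from cron as: script --run
if [ "${1:-}" = "--run" ]; then update_defs; exit $?; fi
```

A non-zero exit other than 1 is worth alerting on, since it means the scanner is running on stale definitions or a download failed verification.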


