Mailing List Archive

[Windows] How does ClamAV compare with closed-source alternatives?
Hello

I searched the archives of this mailing-list (the web interface to the
archives of the ClamWin doesn't provide a search option) and read the links
provided in the subscription e-mail (www.clamav.net/support/ml,
www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread
from 2004 on the subject.

I like the fact that ClamAV is open-source, but I can only recommend
ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to
customers if it's as reliable as the closed-source leaders such as Kaspersky
or AVG in detecting (and ideally, fixing) viruses on Windows hosts.

Is there a recent and unbiased review of ClamAV vs. closed-source
alternatives?

Thank you.
--
View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28535727.html
Sent from the clamav-users mailing list archive at Nabble.com.

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 06:08:38AM -0700, Fred-145 wrote:
>
> Hello
>
> I searched the archives of this mailing-list (the web interface to the
> archives of the ClamWin doesn't provide a search option) and read the links
> provided in the subscription e-mail (www.clamav.net/support/ml,
> www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread
> from 2004 on the subject.
>
> I like the fact that ClamAV is open-source, but I can only recommend
> ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to
> customers if it's as reliable as the closed-source leaders such as Kaspersky
> or AVG in detecting (and ideally, fixing) viruses on Windows hosts.
>
> Is there a recent and unbiased review of ClamAV vs. closed-source
> alternatives?

As ClamAV itself says: "designed especially for e-mail scanning on mail
gateways". Given this purpose and the (little) amount of staff writing
signatures, it's obvious that ClamAV is not "reliable for fixing" infected
computers. It's meant for detecting incoming threats.

Re: [Windows] How does ClamAV compare with closed-source alternatives?
ClamAV is not specifically designed to be a host-based AV although you
can use it as such. If you want a ClamAV solution specially designed
to run on end systems, check out ClamAV for Windows:
http://www.clamav.net/lang/en/about/win32/

-Alain

On Wed, May 12, 2010 at 9:16 AM, Henrik K <hege@hege.li> wrote:
> On Wed, May 12, 2010 at 06:08:38AM -0700, Fred-145 wrote:
>>
>> Hello
>>
>> I searched the archives of this mailing-list (the web interface to the
>> archives of the ClamWin doesn't provide a search option) and read the links
>> provided in the subscription e-mail (www.clamav.net/support/ml,
>> www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread
>> from 2004 on the subject.
>>
>> I like the fact that ClamAV is open-source, but I can only recommend
>> ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to
>> customers if it's as reliable as the closed-source leaders such as Kaspersky
>> or AVG in detecting (and ideally, fixing) viruses on Windows hosts.
>>
>> Is there a recent and unbiased review of ClamAV vs. closed-source
>> alternatives?
>
> As ClamAV itself says: "designed especially for e-mail scanning on mail
> gateways". Given this purpose and the (little) amount of staff writing
> signatures, it's obvious that ClamAV is not "reliable for fixing" infected
> computers. It's meant for detecting incoming threats.
>
Re: [Windows] How does ClamAV compare with closed-source alternatives?
azidouemba wrote:
> ClamAV is not specifically designed to be a host-based AV although you
> can use it as such. If you want a ClamAV solution specially designed to
> run on end systems, check out ClamAV for Windows

Thanks for the link. I assume that ClamAV for Windows uses the same virus
database as the *nix ClamAV, which would mean it's not a good alternative to
closed-source commercial alternatives like Kaspersky, etc.?

Is there a recent comparison of ClamAV against commercial alternatives?

Re: [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote:
> azidouemba wrote:
>
>> ClamAV is not specifically designed to be a host-based AV although you
>> can use it as such. If you want a ClamAV solution specially designed to
>> run on end systems, check out ClamAV for Windows
>>
>
> Thanks for the link. I assume that ClamAV for Windows uses the same virus
> database as the *nix ClamAV, which would mean it's not a good alternative to
> closed-source commercial alternatives like Kaspersky, etc.?
>
> Is there a recent comparison of ClamAV against commercial alternatives?

No, ClamAV for Windows currently does not use the ClamAV engine
(although there is talk of adding it in). It instead uses Immunet's
cloud-based antivirus.

http://www.immunet.com/protect

--
Bowie
Re: [Windows] How does ClamAV compare with closed-source alternatives?
Technically speaking, ClamAV is open-source. However, we do not
provide the code for ClamAV for Windows, therefore ClamAV for Windows
is closed-source just like the other AV solutions you mentioned.
When it comes to whether ClamAV for Windows is going to fit your
needs, you will have to decide that for yourself. I will only add that
ClamAV for Windows uses an advanced cloud-architecture that improves
upon the detections provided by ClamAV's virus DB (which by the way is
maintained by researchers who in the past have worked at large AV vendors
such as the ones behind the products you talked about).

Hope that helps,

-Alain

On Wed, May 12, 2010 at 9:42 AM, Fred-145 <codecomplete@free.fr> wrote:
>
>
> azidouemba wrote:
>> ClamAV is not specifically designed to be a host-based AV although you
>> can use it as such. If you want a ClamAV solution specially designed to
>> run on end systems, check out ClamAV for Windows
>
> Thanks for the link. I assume that ClamAV for Windows uses the same virus
> database as the *nix ClamAV, which would mean it's not a good alternative to
> closed-source commercial alternatives like Kaspersky, etc.?
>
> Is there a recent comparison of ClamAV against commercial alternatives?
>
Re: [Windows] How does ClamAV compare with closed-source alternatives?
azidouemba wrote:
> When it comes to whether ClamAV for Windows is going to fit your
> needs, you will have to decide that for yourself.

Unfortunately, I don't have the time and skills for this, so I'd like to
read an unbiased and recent comparison.

I assume it's possible to set up a bunch of Windows computers, each with a
different AV solution, programmatically hit them with thousands of
well-known viruses, and see how they fare?
Re: [clamu] [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, 12 May 2010, Fred-145 wrote:
> Unfortunately, I don't have the time and skills for this, so I'd like to
> read an unbiased and recent comparison.

Google is your friend. The buzzword you need to remember is 'benchmark'.
I googled for 'antivirus benchmark' and the top result had a nice
long list.

Enjoy!

- Charles
Re: [clamu] [Windows] How does ClamAV compare with closed-source alternatives?
Charles Gregory wrote:
> The buzzword you need to remember is 'benchmark'. I googled for 'antivirus
> benchmark' and the top result had a nice long list.

Thanks for the tip. Is this the list?

"Aug 3rd, 05 - The Best of AntiVirus Rank"
http://forums.vr-zone.com/developers-software-discussion/30083-shootout-antivirus-benchmark.html

I couldn't find a recent comparison that came from a neutral source, ie. not
marketing material from a vendor or ad-based site. Does someone have a link?
Re: [clamu] [Windows] How does ClamAV compare with closed-source alternatives?
Dud (Fred-145) do you work for a proprietary anti-virus company or something, cuz it sounds like you're just trying to dis??

Charles is right google IS your friend (a big behemoth whose time will soon come):


http://www.builderau.com.au/blogs/byteclub/viewblogpost.htm?p=339270831

Also, if you do not have the time to be intimately familiar with the product you are deploying, please hire a hack who is (notice I did not say a consulting firm, but a hack!)!


> Date: Wed, 12 May 2010 08:15:52 -0700
> From: codecomplete@free.fr
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] [clamu] [Windows] How does ClamAV compare with closed-source alternatives?
>
>
>
> Charles Gregory wrote:
> > The buzzword you need to remember is 'benchmark'. I googled for 'antivirus
> > benchmark' and the top result had a nice long list.
>
> Thanks for the tip. Is this the list?
>
> "Aug 3rd, 05 - The Best of AntiVirus Rank"
> http://forums.vr-zone.com/developers-software-discussion/30083-shootout-antivirus-benchmark.html
>
> I couldn't find a recent comparison that came from a neutral source, ie. not
> marketing material from a vendor or ad-based site. Does someone have a link?
Re: [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 6:08 AM, Fred-145 <codecomplete@free.fr> wrote:

> I searched the archives of this mailing-list (the web interface to the
> archives of the ClamWin doesn't provide a search option) and read the links
> provided in the subscription e-mail (www.clamav.net/support/ml,
> www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread
> from 2004 on the subject.
>
> I like the fact that ClamAV is open-source, but I can only recommend
> ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to
> customers if it's as reliable as the closed-source leaders such as Kaspersky
> or AVG in detecting (and ideally, fixing) viruses on Windows hosts.
>
> Is there a recent and unbiased review of ClamAV vs. closed-source
> alternatives?
>

ClamAV can only detect malware, it does not clean or even quarantine
anything.

And it's geared toward e-mail, which means the focus of the AV DB will be
threats that use e-mail as an attack vector. As such, you won't find signatures
in the DB for things like boot sector viruses, or rootkits, or things like
that.

If you need something to go on a LiveCD for scanning, repairing, and
recovering Windows systems, ClamAV is not what you want.

--
Freddie Cash
fjwcash@gmail.com
Re: [Windows] How does ClamAV compare with closed-source alternatives?
> ClamAV can only detect malware, it does not clean or even quarantine
> anything.

ClamAV does not just detect malware, it can quarantine it.

> And it's geared toward e-mail, which means the focus of the AV DB will be
> threats that use e-mail as an attack vector. As such, you won't find signatures
> in the DB for things like boot sector viruses, or rootkits, or things like
> that.

The focus of the AV DB is not just threats that use email as an attack
vector, but rather malware that can make its way to end users'
machines, regardless of the vector or attack.

-Alain

On Wed, May 12, 2010 at 11:51 AM, Freddie Cash <fjwcash@gmail.com> wrote:
> On Wed, May 12, 2010 at 6:08 AM, Fred-145 <codecomplete@free.fr> wrote:
>
>> I searched the archives of this mailing-list (the web interface to the
>> archives of the ClamWin doesn't provide a search option) and read the links
>> provided in the subscription e-mail (www.clamav.net/support/ml,
>> www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread
>> from 2004 on the subject.
>>
>> I like the fact that ClamAV is open-source, but I can only recommend
>> ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to
>> customers if it's as reliable as the closed-source leaders such as Kaspersky
>> or AVG in detecting (and ideally, fixing) viruses on Windows hosts.
>>
>> Is there a recent and unbiased review of ClamAV vs. closed-source
>> alternatives?
>>
>
> ClamAV can only detect malware, it does not clean or even quarantine
> anything.
>
> And it's geared toward e-mail, which means the focus of the AV DB will be
> threats that use e-mail as an attack vector. As such, you won't find signatures
> in the DB for things like boot sector viruses, or rootkits, or things like
> that.
>
> If you need something to go on a LiveCD for scanning, repairing, and
> recovering Windows systems, ClamAV is not what you want.
>
> --
> Freddie Cash
> fjwcash@gmail.com
Re: [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 9:01 AM, Alain Zidouemba
<azidouemba@sourcefire.com> wrote:

> > ClamAV can only detect malware, it does not clean or even quarantine
> > anything.
>
> ClamAV does not just detect malware, it can quarantine it.


Since when? As long as I've been using it, it's been a detection-only
system. The frameworks that use ClamAV (milter, amavisd, etc) handle the
quarantining. All ClamAV does is say "file good" or "file bad".


> > And it's geared toward e-mail, which means the focus of the AV DB will be
> > threats that use e-mail as an attack vector. As such, you won't find signatures
> > in the DB for things like boot sector viruses, or rootkits, or things like
> > that.
>
> The focus of the AV DB is not just threats that use email as an attack
> vector, but rather malware that can make its way to end users'
> machines, regardless of the vector or attack.
>

That could be, although everything I've seen on this list has been that
ClamAV is geared toward e-mail-based malware.

--
Freddie Cash
fjwcash@gmail.com
Re: [clamu] [clamu] [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, 12 May 2010, Fred-145 wrote:
> I couldn't find a recent comparison that came from a neutral source, ie. not
> marketing material from a vendor or ad-based site. Does someone have a link?

I don't have anything current, and I lost the link a while back, but I
recall an interesting statistic on one benchmark site where someone took
the trouble to test the *overlap* of different AV engines, and they found
that while the top AV products were catching 98%-99% of viruses, they were
each missing a DIFFERENT 2%....

So we run ClamAV on our servers, and strongly recommend that our members
use a *different* AV on their own computers, to try and catch what ClamAV
misses.

- Charles
Re: [Windows] How does ClamAV compare with closed-source alternatives?
> Since when?  As long as I've been using it, it's been a detection-only
> system.  The frameworks that use ClamAV (milter, amavisd, etc) handle the
> quarantining.  All ClamAV does is say "file good" or "file bad".

I guess it depends on how you use/implement ClamAV on your system.
When you install ClamAV on *nix, you will find a utility that
implements libclamav called clamscan:

clamscan --remove[=yes/no(*)] Remove infected files. Be careful!
clamscan --move=DIRECTORY Move infected files into DIRECTORY
clamscan --copy=DIRECTORY Copy infected files into DIRECTORY



On Wed, May 12, 2010 at 12:25 PM, Freddie Cash <fjwcash@gmail.com> wrote:
> On Wed, May 12, 2010 at 9:01 AM, Alain Zidouemba
> <azidouemba@sourcefire.com> wrote:
>
>> > ClamAV can only detect malware, it does not clean or even quarantine
>> > anything.
>>
>> ClamAV does not just detect malware, it can quarantine it.
>
>
> Since when?  As long as I've been using it, it's been a detection-only
> system.  The frameworks that use ClamAV (milter, amavisd, etc) handle the
> quarantining.  All ClamAV does is say "file good" or "file bad".
>
>
>> > And it's geared toward e-mail, which means the focus of the AV DB will be
>> > threats that use e-mail as an attack vector. As such, you won't find signatures
>> > in the DB for things like boot sector viruses, or rootkits, or things like
>> > that.
>>
>> The focus of the AV DB is not just threats that use email as an attack
>> vector, but rather malware that can make its way to end users'
>> machines, regardless of the vector or attack.
>>
>
> That could be, although everything I've seen on this list has been that
> ClamAV is geared toward e-mail-based malware.
>
> --
> Freddie Cash
> fjwcash@gmail.com
>
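
The clamscan options quoted in the message above, put to work as an added example that is not part of the thread: a POSIX shell wrapper that runs an on-demand scan with `--move` as the quarantine step, reads clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error), and lists the detections. The function names, the paths and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names and paths are
# hypothetical; the sample output below is constructed, not a real scan.

# Print "path<TAB>signature" for every detection in clamscan output on stdin.
# clamscan reports a hit as "<path>: <signature> FOUND".
list_detections() {
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;          # detection line, handled below
            *) continue ;;         # "OK" lines, summary, anything else
        esac
        line=${line% FOUND}
        sig=${line##*: }           # text after the last ": " is the signature
        path=${line%": $sig"}      # the rest is the path (may contain ": ")
        printf '%s\t%s\n' "$path" "$sig"
    done
}

# Map clamscan's exit status to a verdict the calling framework can act on.
verdict_from_status() {
    case $1 in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a tree recursively and move detected files into a quarantine
# directory that only the scanning user can read.
quarantine_scan() {
    scan_root=$1
    quarantine_dir=$2
    mkdir -p "$quarantine_dir" || return 2
    chmod 700 "$quarantine_dir" || return 2
    clamscan --recursive --infected --move="$quarantine_dir" "$scan_root"
}

# Constructed sample of clamscan output, so the parser can be tried offline.
SAMPLE_OUTPUT='/mnt/winshare/Users/a/invoice.exe: Eicar-Test-Signature FOUND
/mnt/winshare/Users/a/readme.txt: OK
/mnt/winshare/Temp/note: draft.doc: Eicar-Test-Signature FOUND'

printf '%s\n' "$SAMPLE_OUTPUT" | list_detections

# Real run: sh scan.sh /mnt/winshare /var/quarantine
if [ "$#" -eq 2 ] && command -v clamscan >/dev/null 2>&1; then
    status=0
    output=$(quarantine_scan "$1" "$2") || status=$?
    printf '%s\n' "$output" | list_detections
    echo "verdict: $(verdict_from_status "$status")"
fi
```

An error status (2) should be treated as "not scanned" rather than "clean", since clamscan returns it when it could not read the files or load its database.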
Re: [Windows] How does ClamAV compare with closed-source alternatives?
I rebooted and installed "ClamAV for Windows". I have a couple of questions:

1. Unless I missed it, the UI only allows scanning stuff in RAM, not files
on hard-disks. If this is correct, does it mean users are expected to also
install ClamWin to scan hard-disks?

2. Based on the input above, ClamAV is apparently aimed at scanning e-mail
attachments. Does it mean it's not as good as proprietary AV solutions for
generally finding malware, wherever it lives (not sure why it would make a
difference, apart from the fact that an attachment-focused AV solution
wouldn't look at eg. the Registry)?

Thank you.
Re: [Windows] How does ClamAV compare with closed-source alternatives?
On 05/12/2010 09:40 PM, Fred-145 wrote:
>
> I rebooted and installed "ClamAV for Windows". I have a couple of questions:
>
> 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files
> on hard-disks. If this is correct, does it mean users are expected to also
> install ClamWin to scan hard-disks?

It does scan files on copy/write, and on execute. But only executables
in this version.

Best regards,
--Edwin
Re: [Windows] How does ClamAV compare with closed-source alternatives?
> 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files
> on hard-disks. If this is correct, does it mean users are expected to also
> install ClamWin to scan hard-disks?

The current version of ClamAV for Windows offers on-access scanning.
On-demand scanning is coming with the next release.

> 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail
> attachments. Does it mean it's not as good as proprietary AV solutions for
> generally finding malware, wherever it lives (not sure why it would make a
> difference, apart from the fact that an attachment-focused AV solution
> wouldn't look at eg. the Registry)?

If you install ClamAV on a *nix box and mount a Windows share and scan
it from your *nix box, ClamAV will detect all malware files on disk
that it is configured to detect.

-Alain

On Wed, May 12, 2010 at 2:40 PM, Fred-145 <codecomplete@free.fr> wrote:
>
> I rebooted and installed "ClamAV for Windows". I have a couple of questions:
>
> 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files
> on hard-disks. If this is correct, does it mean users are expected to also
> install ClamWin to scan hard-disks?
>
> 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail
> attachments. Does it mean it's not as good as proprietary AV solutions for
> generally finding malware, wherever it lives (not sure why it would make a
> difference, apart from the fact that an attachment-focused AV solution
> wouldn't look at eg. the Registry)?
>
> Thank you.
Re: [Windows] How does ClamAV compare with closed-source alternatives?
Alain Zidouemba wrote:
> The current version of ClamAV for Windows offers on-access scanning.
> On-demand scanning is coming with the next release.

Thanks for the clarification. I didn't know what "on-access scanning" and
"on-demand scanning" meant. So at this point, ClamAV (on the Windows
platform at least) isn't a single package, and requires both ClamWin and
ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff
in the Registry, for instance.)


Alain Zidouemba wrote:
> If you install ClamAV on a *nix box and mount a Windows share and scan
> it from your *nix box, ClamAV will detect all malware files on disk that
> it is configured to detect.

I was looking for a single-package solution that would protect Windows SOHO
users from threats both in RAM and on their mass-storage devices (in case I
need to install this software after the PC has already been in use, ie. not
in a pristine state), so having to add a Linux box just to scan their
Windows computer is a bit overkill.

Thanks everyone for the great help.
Re: [Windows] How does ClamAV compare with closed-source alternatives?
> Thanks for the clarification. I didn't know what "on-access scanning" and
> "on-demand scanning" meant. So at this point, ClamAV (on the Windows
> platform at least) isn't a single package, and requires both ClamWin and
> ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff
> in the Registry, for instance.)

Just so you know, ClamWin is not affiliated with the creators and
maintainers of ClamAV:
http://vrt-sourcefire.blogspot.com/2010/04/what-in-name.html
As stated here http://www.clamav.net/lang/en/support/faq/faq-win32/,
you can and are encouraged to use ClamAV for Windows with other AV
solutions.

-Alain

On Wed, May 12, 2010 at 3:23 PM, Fred-145 <codecomplete@free.fr> wrote:
>
>
> Alain Zidouemba wrote:
>> The current version of ClamAV for Windows offers on-access scanning.
>> On-demand scanning is coming with the next release.
>
> Thanks for the clarification. I didn't know what "on-access scanning" and
> "on-demand scanning" meant. So at this point, ClamAV (on the Windows
> platform at least) isn't a single package, and requires both ClamWin and
> ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff
> in the Registry, for instance.)
>
>
> Alain Zidouemba wrote:
>> If you install ClamAV on a *nix box and mount a Windows share and scan
>> it from your *nix box, ClamAV will detect all malware files on disk that
>> it is configured to detect.
>
> I was looking for a single-package solution that would protect Windows SOHO
> users from threats both in RAM and on their mass-storage devices (in case I
> need to install this software after the PC has already been in use, ie. not
> in a pristine state), so having to add a Linux box just to scan their
> Windows computer is a bit overkill.
>
> Thanks everyone for the great help.
Re: [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote:
> I rebooted and installed "ClamAV for Windows". I have a couple of questions:
>

Keep in mind that (at the moment), "ClamAV" and "ClamAV for Windows" are
two completely unrelated products.

> 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files
> on hard-disks. If this is correct, does it mean users are expected to also
> install ClamWin to scan hard-disks?
>

There is a "Start Scan" button on the "Scan" screen in the UI, but there
are no options to specify what it is scanning so I'm not sure exactly
what it does.

> 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail
> attachments. Does it mean it's not as good as proprietary AV solutions for
> generally finding malware, wherever it lives (not sure why it would make a
> difference, apart from the fact that an attachment-focused AV solution
> wouldn't look at eg. the Registry)?
>

ClamAV is designed to be an e-mail scanner for Linux. ClamAV for
Windows is designed to be an on-access file scanner for Windows.

--
Bowie
Re: [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote:
> Alain Zidouemba wrote:
>
>> The current version of ClamAV for Windows offers on-access scanning.
>> On-demand scanning is coming with the next release.
>>
>
> Thanks for the clarification. I didn't know what "on-access scanning" and
> "on-demand scanning" meant. So at this point, ClamAV (on the Windows
> platform at least) isn't a single package, and requires both ClamWin and
> ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff
> in the Registry, for instance.)
>

"on-access scanning" means that files are scanned whenever the system
tries to access them. This means that a virus may get dropped onto the
system, but it should be detected and blocked as soon as it tries to run.

"on-demand scanning" means that you can start a scan manually to check
certain files for viruses.

Rather than using ClamWin, I would pair up ClamAV for Windows with
another of the free AV utilities such as AVG or Avira.

> Alain Zidouemba wrote:
>
>> If you install ClamAV on a *nix box and mount a Windows share and scan
>> it from your *nix box, ClamAV will detect all malware files on disk that
>> it is configured to detect.
>>
>
> I was looking for a single-package solution that would protect Windows SOHO
> users from threats both in RAM and on their mass-storage devices (in case I
> need to install this software after the PC has already been in use, ie. not
> in a pristine state), so having to add a Linux box just to scan their
> Windows computer is a bit overkill.
>

I don't think Alain was intending to suggest that for your case, he was
just pointing out that the *nix version of ClamAV is capable of scanning
Windows files for viruses.

--
Bowie
Re: [Windows] How does ClamAV compare with closed-source alternatives?
Bowie Bailey wrote:
> Keep in mind that (at the moment), "ClamAV" and "ClamAV for Windows" are
> two completely unrelated products.

Yup, that's what other users said above. Unfortunately, the page about
ClamAV for Windows doesn't say anywhere that it only scans for malware in
RAM, not on mass-storage:

www.clamav.net/lang/en/about/win32/

I suspect this oversight is not unrelated to ClamAV for Windows being a
closed-source product ;-)


Bowie Bailey wrote:
> There is a "Start Scan" button on the "Scan" screen in the UI, but there
> are no options to specify what it is scanning so I'm not sure exactly what
> it does.

It obviously only scans for malware in RAM. I have two 200GB hard-disks, and
they are clearly not being scanned by ClamAV for Windows.

Thank you.
Re: [Windows] How does ClamAV compare with closed-source alternatives? [ In reply to ]
On 2010-05-12 22:50, Fred-145 wrote:
>
>
> Bowie Bailey wrote:
>> Keep in mind that (at the moment), "ClamAV" and "ClamAV for Windows" are
>> two completely unrelated products.
>
> Yup, that's what other users said above. Unfortunately, the page about
> ClamAV for Windows doesn't say anywhere that it only scans for malware in
> RAM, not on mass-storage:
>
> www.clamav.net/lang/en/about/win32/

It does scan files that are copied around on disks, or files that are
executed from disks.

In this version on-demand scanning has not been implemented; it will be in
a future version. That doesn't mean it doesn't protect you from threats.

>
> I suspect this oversight is not unrelated to ClamAV for Windows being a
> closed-source product ;-)
>
>
> Bowie Bailey wrote:
>> There is a "Start Scan" button on the "Scan" screen in the UI, but there
>> are no options to specify what it is scanning so I'm not sure exactly what
>> it does.
>
> It obviously only scans for malware in RAM. I have two 200GB hard-disks, and
> they are clearly not being scanned by ClamAV for Windows.

Try copying a file on the disk; it should get detected (try with
clam.exe or eicar).

>
> Thank you.

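The check suggested in the message above (put an EICAR test file on disk and see whether it is detected), applied to the on-demand scan of a mounted Windows share from a *nix box mentioned earlier in the thread. This is an added example, not part of the original posts; the function names, the probe file name and the `/mnt/winshare` mount point are assumptions.

```shell
#!/bin/sh
# Added example: on-demand scan self-test with the EICAR test file.
# Function names and paths are illustrative assumptions.

# Write the standard 68-byte EICAR anti-virus test string (harmless by design).
make_eicar() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# Map clamscan's documented exit codes to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = error.
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Drop the test file into DIR (e.g. a mounted Windows share), scan DIR
# recursively on demand, remove the test file, and print the verdict.
# "infected" is the expected result when engine and signatures work.
ondemand_selftest() {
    dir=$1
    command -v clamscan >/dev/null 2>&1 || { echo skipped; return 0; }
    probe="$dir/eicar-selftest.com"
    # An on-access scanner on the target may block this write.
    make_eicar "$probe" || { echo error; return 0; }
    rc=0
    # Scanner output goes to stderr so stdout carries only the verdict.
    clamscan --recursive --infected --no-summary "$dir" >&2 || rc=$?
    rm -f "$probe"
    classify_exit "$rc"
}

# Run only when asked: sh selftest.sh run /mnt/winshare
if [ "${1:-}" = "run" ]; then
    ondemand_selftest "${2:-.}"
fi
```

A verdict of `infected` for a directory that holds only the probe confirms that the on-demand scan reads files on that disk; other detections in the same directory also produce `infected`, so check the scanner output on stderr.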
Re: [Windows] How does ClamAV compare with closed-source alternatives? [ In reply to ]
ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Project - Free Software Foundation.

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.


What part of this is NOT Open Source? It is GPL (both Windows and AV).


> Date: Wed, 12 May 2010 12:50:13 -0700
> From: codecomplete@free.fr
> To: clamav-users@lists.clamav.net
> Subject: Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
>
>
>
> Bowie Bailey wrote:
> > Keep in mind that (at the moment), "ClamAV" and "ClamAV for Windows" are
> > two completely unrelated products.
>
> Yup, that's what other users said above. Unfortunately, the page about
> ClamAV for Windows doesn't say anywhere that it only scans for malware in
> RAM, not on mass-storage:
>
> www.clamav.net/lang/en/about/win32/
>
> I suspect this oversight is not unrelated to ClamAV for Windows being a
> closed-source product ;-)
>
>
> Bowie Bailey wrote:
> > There is a "Start Scan" button on the "Scan" screen in the UI, but there
> > are no options to specify what it is scanning so I'm not sure exactly what
> > it does.
>
> It obviously only scans for malware in RAM. I have two 200GB hard-disks, and
> they are clearly not being scanned by ClamAV for Windows.
>
> Thank you.
