On Mon, 01 Dec 2003 at 14:00:56 -0600, Joshua French wrote:
>
> I am trying to find out the difference(s) between ClamAV's virus db and
> any given commercial product. In the latter, I've noted that they have
> covered 70-80k viruses, whereas ClamAV has somewhere around 10k in its
> definitions.
>
> Is this an apples and oranges comparison? Does ClamAV's 10k not include
> variants in its numbers, but does in fact cover them?
>
> If anyone can provide some info regarding this, that would be most
> appreciated.
>

I can see that Chris McKeever and Daniel J. McDonald provided some
opinion on a "number of recognised viruses" topic.
They are right that our priority is reacting to new viruses. We also add
many signatures of older viruses when time permits.

As a related note, I'm forwarding my message which I sent to
"postfix-users" mailing list about quickness of adding signatures of new
viruses. I spent a few hours on preparing this comparison so I think
that it deserves posting here as well :-) .

=========================================================================
Date: Fri, 21 Nov 2003 23:06:38 +0100
From: Tomasz Papszun <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: What's the best Anti-virus software?
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

On Tue, 18 Nov 2003 at 15:36:09 +0100, Marcel Weber wrote:
> [...]
>
> If checking emails for virii is not too critical to you, you could give
> a try to clamav. It's free, opensource and quite good (Well it gets
> better from day to day ;-) ). I use it on two servers (not really high
> traffic ones) together with amavisd-new with good results. It detects
> about 12000 virii, compared to the 88000 virii sophos knows about. But
> this covers most NEWER email virii. Of course, with sophos you get
> quicker updates, as soon a new virus appears in the wild. With clamav it
> takes sometimes a day or two until the signatures find their way into
> the database.
>

I'd like to contradict the last two sentences.

ClamAV adds signatures to its database often more quickly than
commercial AV scanners.

As particularly Sophos was mentioned above, here you are a comparison
using dates of announcements of databases updates by ClamAV and by
Sophos.

As examples, a few latest widely distributed viruses/trojans are used.
Viruses' names used here are according to Sophos. Aliases are given in
brackets. Timestamps of announcements are in GMT.

virusname                               ClamAV           Sophos
------------------------------------    ---------------  ---------------
W32/Sobig-F                             19 Aug 10:05     19 Aug 10:48
W32/SobigF-Dam                           2 Sep 19:47      5 Sep 09:28
Troj/Apdoor-A (Backdoor.Coreflood.B)     5 Sep 23:06     10 Sep 10:05
Troj/BDSinit-A (Trojan.Fakesvc.C)       24 Oct 19:29     10 Nov 16:52
W32/Holar-I (W32.Galil.C)               26 Oct 14:42     29 Oct 12:13
W32/Sober-A                             26 Oct 18:08     27 Oct 05:49
W32/Sober-Enc                           29 Oct 00:42     30 Oct 11:48
W32/Mimail-C (Worm.Bics)                31 Oct 12:36     31 Oct 13:20
JS/Flea-B (JS.Fortnight.Enc)            13 Nov 00:10     20 Nov 16:29

Please note that I'm not saying that Sophos' software is worse than
ClamAV. I'm just giving a few facts. Sometimes one is quicker, sometimes
the other.

Regards

--
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/     | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner
=========================================================================