Hiya,

ClamAV is in the news. Today heise.de published an article about web.de and their new use of ClamAV. That article (in German) can be found at:
http://www.heise.de/newsticker/data/hob-04.12.03-000/

For all you non-Germans, I made a quick translation of the German text. Please, I do not share any of those opinions, I repeat, I do not share any of those opinions. I just thought you should know what heise.de is writing.

-----snip-----

web.de wants to protect email users against malicious code

web.de[1] has added virus protection to its freemail service for all its customers. As the company stated, all incoming emails will be tested against viruses, worms and trojans on user request. Infected attachments will be removed or moved to a spam folder called "unwanted".

In a short test by heise online the new service did not recognize all viruses and worms. Surprised by this result, we asked the company what software they use. web.de uses two tools for virus scans: outgoing mails are checked by F-Secure-Scanner[2], incoming mails are scanned by the Open-Source-Software Clam AntiVirus[3]. While F-Secure was able to stand a test in c't [German Computer Magazine by heise] [4], the alpha version 0.54 of ClamAV failed as a result of its low recognition rate of viruses and worms.

To its customers web.de explained today that the scanner provides an effective protection of their mail account and PCs. This looks delusive after the c't test. Therefore heise online asked the anti-virus expert Andreas Marx[5] of the University of Magdeburg to re-check the version 0.65 of ClamAV supposedly used by web.de. The results: Of 716 widely spread viruses from the current "wildlist"[6] ClamAV only recognised 242, that is a rate of 33,8%. "You cannot call the virus protection of ClamAV as such", Marx commented on the result. Every commercial virus scanner gets a recognition rate of 99 to 100 percent in these tests.

Because ClamAV does not include a code emulation it is currently useless against polymorphic viruses. In the test it recognised 0,3 percent of the 70,000 tested files. For comparison: scanners from Symantec, Network Associates/McAfee, Trend Micro and other companies do find all 70,000 infected files. An OLE2 engine is also missing, so the scanner misses practically all macro viruses.

It was noticeable that ClamAV often triggered false positives: of 5000 clean files that he checked with ClamAV, more than 50 were detected as virus infected, Marx explained. He attributed these false positives to the bad quality of the signature database of ClamAV.

Experts like Marx expressly point out that the Open-Source-Project ClamAV is currently in alpha stage and should not be used in production environments as the only virus scanner. web.de is doing the developers of ClamAV and their own customers a disservice. The company itself argues that they have achieved very good recognition rates in internal tests.

[1] http://www.web.de/
[2] http://www.f-secure.com/
[3] http://clamav.elektrapro.com/
[4] http://www.heise.de/security/artikel/39978/0
[5] http://www.av-test.de/
[6] http://www.wildlist.org/

----snip--------------

Alex

--
Alex Pleiner
zeitform Internet Dienste
Fraunhoferstrasse 5
64283 Darmstadt, Germany
http://www.zeitform.de
Tel.: +49 (0)6151 155-635
Fax: +49 (0)6151 155-634
mailto:[EMAIL PROTECTED]
GnuPG/PGP Key-ID: 0x613C21EA
