On Tuesday 04 May 2004 4:46 pm, Russ Phillips wrote:
> Hi,
>
> I have a query. Most commercial AV software claims to catch something
> like 70,000+ viruses. On the other hand, ClamAV claims to catch 20,000+
> viruses.
>
> Why the difference? Is it because McAfee, Sophos et al consider each and
> every variant to be a different virus, and ClamAV doesn't?
Yes.
> Or does ClamAV not detect some older viruses?
Yes.
> Or something else?
Yes. ClamAV is not a commercial product with an associated marketing
division, and therefore the project does not have the same attitude towards
"one-upmanship" and "marketing b*llsh*t" which commercial vendors do.
Cynical attitude turned down for a moment, though, it's worth asking any
commercial vendor claiming to recognise 70k+ viruses "how many of those have
ever been seen in the wild?", as a large number of them are likely to be
research viruses only, never found outside the lab and the private
virus-exchange club run by these companies.
> I ask because I'm planning to deploy ClamAV at work, and I want to be
> able to give my boss an honest answer when he asks (as he's bound to)
> why ClamAV doesn't catch as many viruses as McAfee.
You pick a good example there - I run a mail server with both A-V scanners on
it (along with a few others), and I consider McAfee to be quite terrible
regarding how long it can take them to publish a signature for a new virus.
I would say the way to convince your boss is simple - set up a mail server
running ClamAV and put it in front of the machine running McAfee (ie: the
mail goes through ClamAV and gets cleaned before it gets seen by McAfee).
Let him see how many (or rather, how few) viruses get seen by the McAfee box.
Even better would be if you could put them the other way around - scan with
McAfee first, then ClamAV, and show him that ClamAV picks up things which
McAfee misses (at least for the first few days after a new virus, before
McAfee get round to creating a signature). However, I suspect that's not so
easy, since you probably have mailboxes hosted on the existing server, which
you couldn't easily move.
Regards,
Antony.
--
There's no such thing as bad weather - only the wrong clothes.
- Billy Connolly
Please reply to the list;
please don't CC me.
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
