On Tue, Nov 24, 2009 at 04:17:50PM -0400, Robin wrote:
> I am administering 7 Debian based LAMP servers and am working to get
> anti-virus to scan uploads as they happen.  Since I am a lone sheep in
> the Microsoft wild of a larger organization I need to prove that Clam
> is up for the task and at least at par with commercial A/V such as
> McAfee Commandline Scanner.
> 
> I have found a few articles stating that Clam is in some cases
> superior to most of the commercial counterparts.
> 
> I am looking for feedback and thoughts on this so I can bring my case
> to the powers that we do not need to dish out $$ to provide virus
> protection.

Your responses are likely to be biased by asking clamav-users :)

So let me give a slightly more negative argument. ClamAV used to be
quite fast in responding to virus threats, but is currently pretty slow
in response to email viruses. We use ClamAV only to scan email on an
SMTP server(farm) (approx 3E7 msgs/day).

We run 3 virus scanners, and I get daily statistics on the number of
viruses caught by each scanner, detailing exactly which viruses were
found by which scanner.

For at least half a year, clamav has been the slowest to respond to new
threats, usually taking at least a day, sometimes two days, to catch up.
The number of viruses that ClamAV finds that the others don't, is
negligible (a handful a day, and those are usually marked as spam
anyway).

That said, we only use the standard databases, and we disabled phishing
heuristics (too many false positives). Scanning accuracy might improve
if you add other malware databases. But I don't want to spend too much
CPU and memory on ClamAV.

Note that this isn't a complaint - I realise I get what I pay for, but
given that admin time isn't free either, ClamAV is definitely worse than
commercial AV products, even if you consider performance/price ratio.

Be aware that YMMV.

-- 
Jan-Pieter Cornet <[email protected]>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
