Robin wrote:
Jan Pieter: Thanks for balancing out the arguments!
I have been trying to convince the upper end folks to accept clamav so
I was looking for some good use cases compared to McAfee CommandLine
Scanner, since this would be the product I would use from the
corporate standard of McAfee.
Since I will be using the scanner on-demand I tested it scanning a
simple file and it was 10x slower than ClamAV. I am not really
concerned about email viruses as I will be scanning document formats
(odt, docx, doc, etc). The speed is another argument that I am trying
to put forward as well.
Regards,
Robin
http://www.barracudanetworks.com/ns/legal/
It's so good that TrendMicro thought it worth going to court to stop it.
I used ClamAV for years on a very large commercial web site. We had less than
1000 employees and about 1M messages/week at that time. We scanned all messages
coming and going in real time. We used Jose-Martins da Cruz's excellent
J-Chkmail milter in a 3-way cluster of Sun servers. The milter provided the
interface to Sendmail and ClamAV as well as providing excellent greylisting with
a central greylist server/database, regex filtering, behavior controls, URLBL
integration, and much more.
We were dropping 90% of all incoming messages for spam, viruses, etc. They've
since gone with MessageLabs mail services. I don't work there any longer but I
understand spam got much worse after moving away from an in-house solution.
Having bloviated about all that, we got far more hits using SaneSecurity
signatures than ClamAV sigs. My own small server still reflects that ratio.
Here's some quick scans of found viruses.
$ awk '/FOUND/ {print $(NF-1)}' clamd.log[0-4] |sort |wc -l
637
$ awk '/FOUND/ {print $(NF-1)}' clamd.log[0-4] |sort -u |wc -l
73
$ awk '/FOUND/ {print $(NF-1)}' clamd.log[0-4] |sort -u |grep -c Sanesecur
43
$ awk '/FOUND/ {print $(NF-1)}' clamd.log[0-4] |sort -u |grep -c -v Sanesecur
30
$ awk '/UNOFFICIAL/ {print $(NF-1)}' clamd* |sort -u |wc -l
69
637 "viruses" found
73 unique signatures
43 signatures from SaneSecurity
30 signatures from all other sources
69 of 73 signatures were "UNOFFICIAL"
Out of what, half a million signatures, total? But of course next month it will
be a different set of unique signatures.
I quoted viruses above because much of what is found is actually blacklisted
URLs, scams, spam, etc. Very few true viruses show up anymore.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
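
The tallies in the post above can be produced in one pass over the log. This is an added example, not part of the original message: the function names, the `ClamAV-official` label, the grouping of third-party signatures by their first dot-separated component, and the sample log lines are all assumptions constructed for illustration.

```shell
#!/bin/sh
# One-pass summary of clamd detections: total hits, unique signatures,
# and unique signatures per source. Assumes the log layout the post's
# one-liners rely on: the signature name is the field before "FOUND".

# Constructed sample input (not real log data).
sample_log() {
cat <<'EOF'
Mon Mar  2 09:14:07 2009 -> /var/spool/mail/a: Sanesecurity.Phishing.Cur.1001.UNOFFICIAL FOUND
Mon Mar  2 09:15:42 2009 -> /var/spool/mail/b: Sanesecurity.Phishing.Cur.1001.UNOFFICIAL FOUND
Mon Mar  2 10:02:11 2009 -> /var/spool/mail/c: Sanesecurity.Spam.2002.UNOFFICIAL FOUND
Mon Mar  2 11:30:55 2009 -> /var/spool/mail/d: Example.Scam.3003.UNOFFICIAL FOUND
Mon Mar  2 12:45:19 2009 -> /var/spool/mail/e: Eicar-Test-Signature FOUND
Mon Mar  2 12:45:20 2009 -> /var/spool/mail/f: OK
Mon Mar  2 12:50:00 2009 -> SelfCheck: Database status OK.
EOF
}

# Reads log files given as arguments, or stdin when none are given.
summarize_clamd_hits() {
    awk '
    # Match on the last field so a path containing "FOUND" is not counted.
    $NF == "FOUND" {
        sig = $(NF-1)
        total++
        if (!(sig in hits)) {
            unique++
            if (sig ~ /\.UNOFFICIAL$/) {
                # Third-party databases get the .UNOFFICIAL suffix;
                # group them by first name component (assumed convention).
                unofficial++
                split(sig, part, ".")
                src[part[1]]++
            } else {
                src["ClamAV-official"]++
            }
        }
        hits[sig]++
    }
    END {
        for (s in src) printf "source %s %d\n", s, src[s]
        printf "total=%d unique=%d unofficial=%d official=%d\n",
               total, unique, unofficial, unique - unofficial
    }' "$@" | sort   # "source" lines sort ahead of the "total=" line
}

sample_log | summarize_clamd_hits
```

Against real logs it would be called as `summarize_clamd_hits clamd.log*`; the per-source counts are over unique signatures, matching the `sort -u` counts in the post.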