Hi there,

On Thu, 6 Oct 2022, Julia - via clamav-users wrote:

> I have a general question to ClamAV regarding how good ClamAV is.

It's a good question. Most people seem not to ask it.

> On the internet there are a lot of tests with other known products but I cannot find any for ClamAV. So, are there any tests or reviews?

I'm slightly surprised you can't find any reviews. I've seen a few which I wasn't really looking for, and just now when I ran the search "ClamAV review" there were at least dozens of hits, too many to count. There are Wikipedia articles, for example

https://en.wikipedia.org/wiki/Comparison_of_antivirus_software

which might help your research.

For any individual ClamAV user the value of reviews is debatable for several reasons. For example there are many options in the ClamAV configuration; a reviewer might choose options which are different from those which you choose; a reviewer might have an axe to grind which you don't; you might be interested in only particular kinds of threats.

Every installation is different. I only scan mail, I never scan filesystems; others only scan filesystems and never mail. Some people run Windows boxes, I (usually) don't.

I'd say it's better to make your own assessment of the effectiveness in real use. You can find some of my own assessments in the mailing list archives.

> My second question is: Which malwares are in ClamAV's database, only for Linux or also for Windows and Android, etc.?

Any and every kind of malware is a candidate for inclusion in the 'Official' ClamAV signature database. ClamAV relies a great deal on signatures; although it has other ways of detecting threats it can never really be very much better than the signature database that it's using but anyone can submit samples of malware to the ClamAV malware team - indeed everyone is encouraged to do that.

There are numerous what we call "third-party" signature databases, each of which has its own set of guidelines. Currently there are 81 files in our ClamAV database and only three of them are the ClamAV 'official' files.

> Is there a list where you can see all "supported" malwares?

Be careful what you wish for, there are around ten million of them.

Most files in the signature databases are plain text, and most of them have one signature per line. Many of the lines contain the "name" of the malware or threat or whatever it is. They aren't all malware, and the name won't mean very much, it's more or less just an identifier. It isn't going to be very educational but you can just read them, or you can for example run 'grep' on a file to count the numbers of some words contained in it such as 'Win.' (not 'Windows'):

    $ grep -a 'Win\.' daily.cld | wc -l
    323501

Try also for example 'Pdf' and 'Doc'.

Naming of threats is a perennial problem, there are usually several names for each threat, some of which are used by several anti-virus vendors and some by only one or two.

Can you paint us a picture of your application?

-- 
73,
Ged.
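
Added example, not part of the original message: the grep count above generalised into a tally of signature names by their leading component (Win, Unix, Pdf, Doc, ...), reading the name field rather than matching anywhere in the line. It assumes text signature files already unpacked from a database (for instance with sigtool --unpack); the function names and the sample signatures are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally signature names by leading component (Win, Unix, Pdf...).
# Assumes text signature files already unpacked from a database.

# Print "SEPARATOR FIELD" locating the name in each supported file type.
name_field() {
    case "$1" in
        *.ndb) echo ": 1" ;;                     # Name:TargetType:Offset:HexSig
        *.ldb) echo "; 1" ;;                     # Name;TargetBlock;Logic;Subsig...
        *.hdb|*.hsb|*.mdb|*.msb) echo ": 3" ;;   # Hash-based: name is field 3
        *) return 1 ;;                           # unknown type: skip
    esac
}

# Print "PREFIX COUNT" lines, most frequent first.
tally_prefixes() {
    for f in "$@"; do
        spec=$(name_field "$f") || continue
        awk -F"${spec% *}" -v col="${spec#* }" '
            /^#/ || NF < col { next }            # comments, blank or short lines
            { split($col, part, "."); print part[1] }' "$f"
    done | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $2, $1 }'
}

# Constructed sample data (not real signatures) written to directory $1.
make_sample() {
    cat > "$1/sample.ndb" <<'EOF'
Win.Trojan.Constructed-1:1:*:4d5a9000
Win.Trojan.Constructed-2:1:*:4d5a5000
Unix.Malware.Constructed-3:6:*:7f454c46
Pdf.Exploit.Constructed-4:10:*:255044462d
EOF
    cat > "$1/sample.hdb" <<'EOF'
00000000000000000000000000000000:68:Win.Test.Constructed-5
EOF
    cat > "$1/sample.ldb" <<'EOF'
Doc.Dropper.Constructed-6;Engine:51-255,Target:2;0;41424344
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
tally_prefixes "$demo_dir"/sample.*
rm -rf "$demo_dir"
```

With third-party databases the leading component is often the name of the database provider rather than a platform, so the tally is best read per database.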
