Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 5/13/10 11:46 PM, Török Edwin wrote: On 05/14/2010 08:19 AM, Jason Haar wrote: On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? ClamAV and Immunet are in a partnership. http://www.clamav.net/lang/en/about/win32/ Thanks - but it says Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine, and several other detection technologies That implied to me they were using ClamAV's engine They are, in the cloud. And the FAQ says: The current roadmap includes adding ClamAV 0.96 to the local system so that it can be used for offline scanning (without an Internet connection) Here's something else Immunet said: “What the antivirus industry is shifting toward is a data-mining problem more than an analysis problem,” Immunet’s Friedrichs says. “There are so many threats today that an analyst cannot analyze them all, so we are using data-mining techniques to find the needles in the haystack.” http://unsafebits.com/2009/10/01/antivirus-firms-look-to-solidify-cloud-model/ I think that data mining is one of the things we try to prevent with tools such as AV. I'd like to know more about what they do with all the needles they find. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 05/14/2010 08:19 AM, Jason Haar wrote: On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? ClamAV and Immunet are in a partnership. http://www.clamav.net/lang/en/about/win32/ Thanks - but it says Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine, and several other detection technologies That implied to me they were using ClamAV's engine They are, in the cloud. And the FAQ says: The current roadmap includes adding ClamAV 0.96 to the local system so that it can be used for offline scanning (without an Internet connection) Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 4:01 PM, Fred-145 codecompl...@free.fr wrote: Török Edwin wrote: It does scan files that are copied around on disks, or files that are executed from disks. In this version on-demand scanning has not been implemented, it will in a future version. That doesn't mean it doesn't protect you from threats. Good. I think it'd be useful to make this clear on the product page (I doubt even geeks would know what on-demand scanning means, if they are not specifically focused on computer security, much less regular people), so that users don't assume that ClamAV for Windows is at this point similar in features to Kaspersky, AVG, etc. I'll keep an eye on the development of ClamAV for Windows, but at this point, it's not the kind of product I was looking for. Thanks everyone for the great feedback. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540462.html Sent from the clamav-users mailing list archive at Nabble.com. The best AV comparison listing that I could find was located at: http://www.av-comparatives.org/index.php?option=com_contentview=articleid=144Itemid=152 It does not list ClamAV however. That probably has something to do with the TOS requirement. -- Jerry clamav.u...@seibercom.net ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 05/13/2010 01:57 AM, Bowie Bailey wrote: No, ClamAV for Windows currently does not use the ClamAV engine (although there is talk of adding it in). It instead uses Immunet's cloud-based antivirus. http://www.immunet.com/protect Huh? That comes as a shock to me. I've installed it on my children's Windows machines *only because I thought it was integrated with ClamAV* Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 5/12/10 12:59 PM, Shawn Bakhtiar wrote: ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Project - Free Software Foundation. Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.(Read more...) What part of this is NOT Open Source? it is GPL (both windows and AV). ClamWin is not ClamAV for Windows. They are two products from two different vendors. I suspect ClamAV for Windows is not open source because they want to make some money, and they can't user GPL without releasing their Windows code which they don't want to do. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 5/13/10 7:10 PM, Jason Haar wrote: On 05/13/2010 01:57 AM, Bowie Bailey wrote: No, ClamAV for Windows currently does not use the ClamAV engine (although there is talk of adding it in). It instead uses Immunet's cloud-based antivirus. http://www.immunet.com/protect Huh? That comes as a shock to me. I've installed it on my children's Windows machines *only because I thought it was integrated with ClamAV* Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? ClamAV and Immunet are in a partnership. http://www.clamav.net/lang/en/about/win32/ dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? ClamAV and Immunet are in a partnership. http://www.clamav.net/lang/en/about/win32/ Thanks - but it says Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine, and several other detection technologies That implied to me they were using ClamAV's engine - which contradicts what was said earlier. Does Immunet's ClamAV for Windows actually use ClamAV's engine? i.e. what did Immunet get out of this other than a name? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 5/13/10 10:19 PM, Jason Haar wrote: On 05/14/2010 02:52 PM, Dennis Peterson wrote: On 5/13/10 7:10 PM, Jason Haar wrote: Why is Sourcefire allowing a third-party to use their brandname (and linking to their site) when it doesn't use ClamAV code itself? It supports other AV vendor products, but not the product it gets its name from?!?!?!? Huh!?!?? ClamAV and Immunet are in a partnership. http://www.clamav.net/lang/en/about/win32/ Thanks - but it says Immunet placed ClamAV into their Cloud infrastructure alongside their Ethos detection engine, and several other detection technologies That implied to me they were using ClamAV's engine - which contradicts what was said earlier. Does Immunet's ClamAV for Windows actually use ClamAV's engine? i.e. what did Immunet get out of this other than a name? Did you read the FAQ? http://www.clamav.net/lang/en/support/faq/faq-win32/ Personally I'd be more worried about what Immunet is learning about me and my system than anything else. As for what they get, well, they get to crawl your files. If you're already comfortable with Google or MSFT or Yahoo crawling through all your email and attachments then this is probably no big deal. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
ClamAV is not specifically designed to be a host-based AV although you can use it as such. If you want a ClamAV solution specially designed to run on end systems, check out ClamAV for Windows: http://www.clamav.net/lang/en/about/win32/ -Alain On Wed, May 12, 2010 at 9:16 AM, Henrik K h...@hege.li wrote: On Wed, May 12, 2010 at 06:08:38AM -0700, Fred-145 wrote: Hello I searched the archives of this mailing-list (the web interface to the archives of the ClamWin doesn't provide a search option) and read the links provided in the subscription e-mail (www.clamav.net/support/ml, www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread from 2004 on the subjet. I like the fact that ClamAV is open-source, but I can only recommend ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to customers if it's as reliable as the closed-source leaders such as Kasperksy or AVG in detecting (and ideally, fixing) viruses on Windows hosts. Is there a recent and unbiased review of ClamAV vs. closed-source alternatives? As ClamAV itself says: designed especially for e-mail scanning on mail gateways. Given this purpose and the (little) amount of staff writing signatures, it's obvious that ClamAV is not reliable for fixing infected computers. It's meant for detecting incoming threats. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
azidouemba wrote: ClamAV is not specifically designed to be a host-based AV although you can use it as such. If you want a ClamAV solution specially designed to run on end systems, check out ClamAV for Windows Thanks for the link. I assume that ClamAV for Windows uses the same virus database as the *nix ClamAV, which would mean it's not a good alternative to closed-source commercial alternatives like Kaspersky, etc.? Is there a recent comparison of ClamAV against commercial alternatives? -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28536134.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote: azidouemba wrote: ClamAV is not specifically designed to be a host-based AV although you can use it as such. If you want a ClamAV solution specially designed to run on end systems, check out ClamAV for Windows Thanks for the link. I assume that ClamAV for Windows uses the same virus database as the *nix ClamAV, which would mean it's not a good alternative to closed-source commercial alternatives like Kaspersky, etc.? Is there a recent comparison of ClamAV against commercial alternatives? No, ClamAV for Windows currently does not use the ClamAV engine (although there is talk of adding it in). It instead uses Immunet's cloud-based antivirus. http://www.immunet.com/protect -- Bowie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Technically speaking, ClamAV is open-source. However, we do not provide the code for ClamAV for Windows, therefore ClamAV for Windows is close-source just like the other AV solutions you mentioned. When it comes to whether ClamAV for Windows is going to fit your needs, you will have to decide that for yourself. I will only add that ClamAV for Windows uses an advances cloud-architecture that improves upon the detections provided by ClamAV's virus DB (which by the way is maintained by researchers who in the past have worked large AV vendors such as the ones behind the products you talked about). Hope that helps, -Alain On Wed, May 12, 2010 at 9:42 AM, Fred-145 codecompl...@free.fr wrote: azidouemba wrote: ClamAV is not specifically designed to be a host-based AV although you can use it as such. If you want a ClamAV solution specially designed to run on end systems, check out ClamAV for Windows Thanks for the link. I assume that ClamAV for Windows uses the same virus database as the *nix ClamAV, which would mean it's not a good alternative to closed-source commercial alternatives like Kaspersky, etc.? Is there a recent comparison of ClamAV against commercial alternatives? -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28536134.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
azidouemba wrote: When it comes to whether ClamAV for Windows is going to fit your needs, you will have to decide that for yourself. Unfortunately, I don't have the time and skills for this, so I'd like to read an unbiased and recent comparison. I assume it's possible to setup a bunch of Windows computers, each with a different AV solution, programmatically hit them with thousands of well-known viruses, and see how they fare? -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28536422.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 6:08 AM, Fred-145 codecompl...@free.fr wrote: I searched the archives of this mailing-list (the web interface to the archives of the ClamWin doesn't provide a search option) and read the links provided in the subscription e-mail (www.clamav.net/support/ml, www.clamav.net/support/faq, wiki.clamav.net), but only found a single thread from 2004 on the subjet. I like the fact that ClamAV is open-source, but I can only recommend ClamAV-included live CDs (like www.trinityhome.org or www.sysresccd.org) to customers if it's as reliable as the closed-source leaders such as Kasperksy or AVG in detecting (and ideally, fixing) viruses on Windows hosts. Is there a recent and unbiased review of ClamAV vs. closed-source alternatives? ClamAV can only detect malware, it does not clean or even quarantine anything. And it's geared toward e-mail, which means the focus of the AV DB will be threats that use e-mail as an attach vector. As such, you won't signatures in the DB for things like boot sector viruses, or rootkits, or things like that. If you need something to go on a LiveCD for scanning, repairing, and recovering Windows systems, ClamAV is not what you want. -- Freddie Cash fjwc...@gmail.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On Wed, May 12, 2010 at 9:01 AM, Alain Zidouemba azidoue...@sourcefire.comwrote: ClamAV can only detect malware, it does not clean or even quarantine anything. ClamAV does not just detect malware, it can can quarantine it. Since when? As long as I've been using it, it's been a detection-only system. The frameworks that use ClamAV (milter, amavisd, etc) handle the quarantining. All ClamAV does is say file good or file bad. And it's geared toward e-mail, which means the focus of the AV DB will be threats that use e-mail as an attach vector. As such, you won't signatures in the DB for things like boot sector viruses, or rootkits, or things like that. The focus of the AV DB is not just threat that use email as an attack vector, but rather malware that can make its way to end-users machines, regardless of the vector or attack. That could be, although everything I've seen on this list has been that ClamAV is geared toward e-mail-based malware. -- Freddie Cash fjwc...@gmail.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Since when? As long as I've been using it, it's been a detection-only system. The frameworks that use ClamAV (milter, amavisd, etc) handle the quarantining. All ClamAV does is say file good or file bad. I guess it depends on how you use/implement ClamAV on your system. When you install ClamAV on *nix, you will find a utility that implements libclamav called clamscan: clamscan --remove[=yes/no(*)] Remove infected files. Be careful! clamscan --move=DIRECTORY Move infected files into DIRECTORY clamscan --copy=DIRECTORY Copy infected files into DIRECTORY On Wed, May 12, 2010 at 12:25 PM, Freddie Cash fjwc...@gmail.com wrote: On Wed, May 12, 2010 at 9:01 AM, Alain Zidouemba azidoue...@sourcefire.comwrote: ClamAV can only detect malware, it does not clean or even quarantine anything. ClamAV does not just detect malware, it can can quarantine it. Since when? As long as I've been using it, it's been a detection-only system. The frameworks that use ClamAV (milter, amavisd, etc) handle the quarantining. All ClamAV does is say file good or file bad. And it's geared toward e-mail, which means the focus of the AV DB will be threats that use e-mail as an attach vector. As such, you won't signatures in the DB for things like boot sector viruses, or rootkits, or things like that. The focus of the AV DB is not just threat that use email as an attack vector, but rather malware that can make its way to end-users machines, regardless of the vector or attack. That could be, although everything I've seen on this list has been that ClamAV is geared toward e-mail-based malware. -- Freddie Cash fjwc...@gmail.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
I rebooted and installed ClamAV for Windows. I have a couple of questions: 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files on hard-disks. If this is correct, does it mean users are expected to also install ClamWin to scan hard-disks? 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail attachments. Does it mean it's not as good as proprietary AV solutions for generally finding malware, wherever it lives (not sure why it would make a difference, apart from the fact that an attachement-focused AV solution wouldn't look at eg. the Registry)? Thank you. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28539637.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 05/12/2010 09:40 PM, Fred-145 wrote: I rebooted and installed ClamAV for Windows. I have a couple of questions: 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files on hard-disks. If this is correct, does it mean users are expected to also install ClamWin to scan hard-disks? It does scan files on copy/write, and on execute. But only executables in this version. Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
1. Unless I missed it, the UI only allows scanning stuff in RAM, not files on hard-disks. If this is correct, does it mean users are expected to also install ClamWin to scan hard-disks? The current version of ClamAV for Windows offers on-access scanning. On-demand scanning is coming with the next release. 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail attachments. Does it mean it's not as good as proprietary AV solutions for generally finding malware, wherever it lives (not sure why it would make a difference, apart from the fact that an attachement-focused AV solution wouldn't look at eg. the Registry)? If you install ClamAV on a *nix box and mount a Windows share and scan it from your *nix box, ClamAV will detect all malware files on disk that it is configured to detect. -Alain On Wed, May 12, 2010 at 2:40 PM, Fred-145 codecompl...@free.fr wrote: I rebooted and installed ClamAV for Windows. I have a couple of questions: 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files on hard-disks. If this is correct, does it mean users are expected to also install ClamWin to scan hard-disks? 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail attachments. Does it mean it's not as good as proprietary AV solutions for generally finding malware, wherever it lives (not sure why it would make a difference, apart from the fact that an attachement-focused AV solution wouldn't look at eg. the Registry)? Thank you. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28539637.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Alain Zidouemba wrote: The current version of ClamAV for Windows offers on-access scanning. On-demand scanning is coming with the next release. Thanks for the clarification. I didn't know what on-access scanning and on-demand scanning meant. So at this point, ClamAV (on the Windows platform at least) isn't a single package, and requires both ClamWin and ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff in the Registry, for instance.) Alain Zidouemba wrote: If you install ClamAV on a *nix box and mount a Windows share and scan it from your *nix box, ClamAV will detect all malware files on disk that it is configured to detect. I was looking for a single-package solution that would protect Windows SOHO users from threats both in RAM and on their mass-storage devices (in case I need to install this software after the PC has already been in use, ie. not in a pristine state), so having to add a Linux box just to scan their Windows computer is a bit overkill. Thanks everyone for the great help. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540100.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Thanks for the clarification. I didn't know what on-access scanning and on-demand scanning meant. So at this point, ClamAV (on the Windows platform at least) isn't a single package, and requires both ClamWin and ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff in the Registry, for instance.) Just so you know, ClamWin is not affiliated with the creators and maintainers of ClamAV: http://vrt-sourcefire.blogspot.com/2010/04/what-in-name.html As stated here http://www.clamav.net/lang/en/support/faq/faq-win32/, you are can and are encouraged to use ClamAV for Windows with other AV solutions. -Alain On Wed, May 12, 2010 at 3:23 PM, Fred-145 codecompl...@free.fr wrote: Alain Zidouemba wrote: The current version of ClamAV for Windows offers on-access scanning. On-demand scanning is coming with the next release. Thanks for the clarification. I didn't know what on-access scanning and on-demand scanning meant. So at this point, ClamAV (on the Windows platform at least) isn't a single package, and requires both ClamWin and ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff in the Registry, for instance.) Alain Zidouemba wrote: If you install ClamAV on a *nix box and mount a Windows share and scan it from your *nix box, ClamAV will detect all malware files on disk that it is configured to detect. I was looking for a single-package solution that would protect Windows SOHO users from threats both in RAM and on their mass-storage devices (in case I need to install this software after the PC has already been in use, ie. not in a pristine state), so having to add a Linux box just to scan their Windows computer is a bit overkill. Thanks everyone for the great help. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540100.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote: I rebooted and installed ClamAV for Windows. I have a couple of questions: Keep in mind that (at the moment), ClamAV and ClamAV for Windows are two completely unrelated products. 1. Unless I missed it, the UI only allows scanning stuff in RAM, not files on hard-disks. If this is correct, does it mean users are expected to also install ClamWin to scan hard-disks? There is a Start Scan button on the Scan screen in the UI, but there are no options to specify what it is scanning so I'm not sure exactly what it does. 2. Based on the input above, ClamAV is apparently aimed at scanning e-mail attachments. Does it mean it's not as good as proprietary AV solutions for generally finding malware, wherever it lives (not sure why it would make a difference, apart from the fact that an attachement-focused AV solution wouldn't look at eg. the Registry)? ClamAV is designed to be an e-mail scanner for Linux. ClamAV for Windows is designed to be an on-access file scanner for Windows. -- Bowie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Fred-145 wrote: Alain Zidouemba wrote: The current version of ClamAV for Windows offers on-access scanning. On-demand scanning is coming with the next release. Thanks for the clarification. I didn't know what on-access scanning and on-demand scanning meant. So at this point, ClamAV (on the Windows platform at least) isn't a single package, and requires both ClamWin and ClamAV for Windows, and possibly more (not sure if ClamWin scans for stuff in the Registry, for instance.) on-access scanning means that files are scanned whenever the system tries to access them. This means that a virus may get dropped onto the system, but it should be detected and blocked as soon as it tries to run. on-demand scanning means that you can start a scan manually to check certain files for viruses. Rather than using ClamWin, I would pair up ClamAV for Windows with another of the free AV utilities such as AVG or Avira. Alain Zidouemba wrote: If you install ClamAV on a *nix box and mount a Windows share and scan it from your *nix box, ClamAV will detect all malware files on disk that it is configured to detect. I was looking for a single-package solution that would protect Windows SOHO users from threats both in RAM and on their mass-storage devices (in case I need to install this software after the PC has already been in use, ie. not in a pristine state), so having to add a Linux box just to scan their Windows computer is a bit overkill. I don't think Alain was intending to suggest that for your case, he was just pointing out that the *nix version of ClamAV is capable of scanning Windows files for viruses. -- Bowie ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Bowie Bailey wrote: Keep in mind that (at the moment), ClamAV and ClamAV for Windows are two completely unrelated products. Yup, that's what other users said above. Unfortunately, the page about ClamAV for Windows doesn't say anywhere that it only scans for malware in RAM, not on mass-storage: www.clamav.net/lang/en/about/win32/ I suspect this oversight is not unrelated to ClamAV for Windows being a closed-source product ;-) Bowie Bailey wrote: There is a Start Scan button on the Scan screen in the UI, but there are no options to specify what it is scanning so I'm not sure exactly what it does. It obviously only scans for malware in RAM. I have two 200GB hard-disks, and they are clearly not being scanned by ClamAV for Windows. Thank you. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540359.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 2010-05-12 22:50, Fred-145 wrote: Bowie Bailey wrote: Keep in mind that (at the moment), ClamAV and ClamAV for Windows are two completely unrelated products. Yup, that's what other users said above. Unfortunately, the page about ClamAV for Windows doesn't say anywhere that it only scans for malware in RAM, not on mass-storage: www.clamav.net/lang/en/about/win32/ It does scan files that are copied around on disks, or files that are executed from disks. In this version on-demand scanning has not been implemented, it will in a future version. That doesn't mean it doesn't protect you from threats. I suspect this oversight is not unrelated to ClamAV for Windows being a closed-source product ;-) Bowie Bailey wrote: There is a Start Scan button on the Scan screen in the UI, but there are no options to specify what it is scanning so I'm not sure exactly what it does. It obviously only scans for malware in RAM. I have two 200GB hard-disks, and they are clearly not being scanned by ClamAV for Windows. Try copying a file on the disk, it should get detected (try with clam.exe or eicar). Thank you. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Project - Free Software Foundation. Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.(Read more...) What part of this is NOT Open Source? it is GPL (both windows and AV). Date: Wed, 12 May 2010 12:50:13 -0700 From: codecompl...@free.fr To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives? Bowie Bailey wrote: Keep in mind that (at the moment), ClamAV and ClamAV for Windows are two completely unrelated products. Yup, that's what other users said above. Unfortunately, the page about ClamAV for Windows doesn't say anywhere that it only scans for malware in RAM, not on mass-storage: www.clamav.net/lang/en/about/win32/ I suspect this oversight is not unrelated to ClamAV for Windows being a closed-source product ;-) Bowie Bailey wrote: There is a Start Scan button on the Scan screen in the UI, but there are no options to specify what it is scanning so I'm not sure exactly what it does. It obviously only scans for malware in RAM. I have two 200GB hard-disks, and they are clearly not being scanned by ClamAV for Windows. Thank you. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540359.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml _ The New Busy is not the old busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
On 2010-05-12 22:59, Shawn Bakhtiar wrote: ClamWin Free Antivirus is based on ClamAV engine and uses GNU General Public License by the Free Software Foundation, and is free (as in freedom) software. To find out more about GNU GPL, please visit the following link: Philosophy of the GNU Project - Free Software Foundation. Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.(Read more...) What part of this is NOT Open Source? it is GPL (both windows and AV). ClamAV for Windows is neither of these, it is a 3rd product. Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] [Windows] How does ClamAV compare with closed-source alternatives?
Török Edwin wrote: It does scan files that are copied around on disks, or files that are executed from disks. In this version on-demand scanning has not been implemented, it will in a future version. That doesn't mean it doesn't protect you from threats. Good. I think it'd be useful to make this clear on the product page (I doubt even geeks would know what on-demand scanning means, if they are not specifically focused on computer security, much less regular people), so that users don't assume that ClamAV for Windows is at this point similar in features to Kaspersky, AVG, etc. I'll keep an eye on the development of ClamAV for Windows, but at this point, it's not the kind of product I was looking for. Thanks everyone for the great feedback. -- View this message in context: http://old.nabble.com/-Windows--How-does-ClamAV-compare-with-closed-source-alternatives--tp28535727p28540462.html Sent from the clamav-users mailing list archive at Nabble.com. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
