Domain: clamav.net
Stories and comments across the archive that link to clamav.net.
Comments · 177
-
Re:That's all very nice, but Sophos is 'moneyware'
You could try:
ClamAV, A GPL virus scanner featuring:
* command-line scanner
* fast, multi-threaded daemon
* milter interface for sendmail
* database updater with support for digital signatures
* virus scanner C library
* on-access scanning (Linux and FreeBSD)
* detection of over 20000 viruses, worms and trojans
* built-in support for RAR (2.0), Zip, Gzip, Bzip2
* built-in support for Mbox, Maildir and raw mail files
I use ClamAV on my mail server and it works pretty good.
There is also an open source Windows version called ClamWin Antivirus.
-
Re:Too bad
Other anti-virus programs, like the open source ClamAV, can not disinfect files. According to them: "cleaning viruses from files is virtually pointless these days. It is very seldom that there is anything useful left after cleaning, and even if there is, would you trust it?"
-
[offtop] Re:Read the EULA?
We ended up paying for a virus scanner, but didn't end up buying it from them.
Open source virus scanning. Works good.
-
Clam Anti-Virus
I'm surprised no one has mentioned Clam Anti-Virus yet. They even have a Windows port and a Windows GUI frontend.
-
Whoops, Open AntiVirus doesn't have updates
-
Re:I'd pay five bucks for my MOTHER-IN-LAW
Like f-prot, Clam Antivirus, and Vexira Antivirus?
-
Re:It's not that surprising . . .
I found ZoneAlarm to be quite a hit on my machine's performance. I also didn't like having to deal with 10 prompts every time I opened a net-using program.
For me, this is the reason I run ZoneAlarm. I want to know if some piece of malware is trying to phone home. For me the dangerous vector is web sites since I scan all my mail with MailScanner and ClamAV. Just blocking messages with executable attachments stops nearly all common email viruses/worms/trojans. It's that spyware stuff that poses a greater threat here.
And, just what performance hit are we talking about? A pop-up warning box that you can clear with one click? My copy of ZA is running in just 2MB of memory and has no apparent effect on the system's responsiveness.
-
2.5 new viruses per day
232 alerts in 91 days...
And how often does your antivirus vendor update its patterns?
Therein lies the reason why antivirus software is so ineffective.
Thank god for ClamAV on our email gateway.
So far today, 28% (936 out of 3260) of our incoming emails have had viruses in them.
Scary!
Phil
-
Re:Question about AV software
It's really not as bad as you think. A relatively naive approach is to build an automaton based on the virus definitions. It's very much like using Perl regexps to search a ton of documents. You'd be amazed how fast you can do these scans once all you do is read a byte, transition to the next state in the automaton, rinse, repeat.
Of course, you can always look at the source to figure it out.
-
Re:protecting from viruses
ClamAV is a good tool. It doesn't catch everything but it catches most everything. I use and recommend it. My AV checking is broken at the moment but I hope to get it fixed soon...
-
Yes and No
Yes mail admins should implement AV solutions at their borders and within the central mail system itself. All outbound/inbound, inbound/outbound, and inbound/inbound mail should be scanned. However, the providers should not bear the full burden of AV filtering by itself.
AV solutions can and do break. Ours did at my provider. We still haven't got it back online. Our users have had to endure the full brunt of infected email for far too long.
No single AV solution can be up-to-date at all times. For starters we can't update our virus definitions within minutes of a newly discovered virus. It just doesn't happen. AV companies couldn't afford the bandwidth without raising our costs beyond what's considered reasonable. Free solutions such as ClamAV certainly couldn't afford it. Also, not all AV companies discover viruses at the same time. F-Prot might find the latest version of MyDoom before Symantec does. The fact that they found it means it's already in the wild as someone has had to analyze it, create a patch for the defs to match this virus, get the patch through Q&A, and get it approved for the next release. There could be numerous hours between the virus getting into the wild, being discovered, being analyzed, and being caught in the latest virus defs.
Finally no defense of any kind should ever be one layer thick. One layer thick means you have no backup plan. No backup plan means you have no contingency for failures. No contingency for failures means your DRP (disaster recovery plan) has either been written fraudulently or you don't have one. In today's business world that means you'd better start updating your resume. A provider's mail system should not be the only line of defense from email-based viruses. Every single end-user desktop should have an up-to-date AV tool scanning all mail ahead or as a companion to the MUA. This is the *only* acceptable means of defense. You have to have end to end protection.
Many AV companies' licensing schemes take both mail system users and desktops into account. Read the wording carefully because you may very well be able to use the end-user license to cover that user's part of the mail system....
-
Re:protecting from viruses
the ISPs need to have some server-side virus scan running. we do through our company's email server, and so far, it seems to work like a champ
This is so true...unlike spam, it's quite possible to detect 100% of known viruses with no false positives. That's because every virus must contain essentially the same payload. Viruses simply can't vary their content as much as spam can, because it has to result in executable code, plus some MIME trick or IE/Outlook exploit, either of which have no legitimate use and could be detected easily.
I started running ClamAV on my mail server a couple of weeks ago (after seeing a recommendation for it on Slashdot) and since then I have seen my viruses go down from 500 a day to 1 a week. I manually looked through thousands of the held messages and found no false positives, so now anything that ClamAV scans goes directly to /dev/null.
I have no idea why all ISPs don't use ClamAV! Obviously they don't need to throw messages away, just in case - advanced users might prefer that messages probably containing viruses just be quarantined instead - but that would eliminate the problem for most people.
-
I wonder...
Will the chip's specs be released to public? This chip would be very useful in mail servers that do virus scanning. It would only be a matter of time until e.g. Clam AntiVirus supports this chip.
PS. Does anyone know whether it supports Ogg Vorbis?
-
Quick fix:
MailScanner + SpamAssassin + ClamAV.
Stops unwanted mail dead.
Finally be able to stop bitching about your inbox.
100% Free.
Small catch: you need your own mailserver. Answer: add procmail to your recipe. Ha, get it?
MailScanner
SpamAssassin
ClamAV
-
Re:Overkill
You're right about extra hardware. However:
- http://www.pc-tools.net/unix/renattach/
- http://www.amavis.org/
- http://www.clamav.net/
- http://www.sng.ecs.soton.ac.uk/mailscanner/
ClamAV seems to have the best reviews.
I snarfed all this out of a /. comment or two a little while back, and mailed the links to my boss, who was recently complaining about the high cost of email server antivirus software. I haven't tested any of them because I don't have a colocated server and Comcast does not offer static IP addresses for love nor money (or at least, I haven't found the right person to make the offer to yet) so I don't run a mail server these days.
-
Re:Warnings...
Clam AV has signatures that can block it at the mail server. Best of all it's open source and free.
-
Re:Server-side filters?
-
Re:Server-side filters?
I use Clam-AV on my mail server to catch some few thousand viruses on a daily basis: it's open-source, has a distributed virus signature DB which is updated very frequently - and I don't need to manually patch it or anything - new sigs are picked by a cron job.
ClamAV is already catching the new breed of viruses with encoded zip archives, while most commercial products are not yet ready to deal with those.
-
Response time for AV vendors
After viewing this thread I noticed that Clam AV came up quite a bit. So I went to their website and went to the news section. From there I saw a link for PC World's response times articles. Here is the original article in German. Clam AV is #5, but the AV program I use frequently is BitDefender, which is ranked #2. I use BitDefender because they have a LiveCD that is a remastered version of Knoppix, which is a Live CD based off of Debian Linux. BitDefender's scan engine can also scan Microsoft Windows partitions (to include FULL RW support for NTFS). The only thing missing from my recovery pack is a spyware scanner that runs under Linux and will remove Windows-based spyware. ~ryan
-
Re:Mostly works.
I run clamd under daemontools. Crashes take it down for a few seconds at most. Check out this guide
-
Re:I love the smell of Antitrust Lawsuits in the m
I'm very sure that a typical Linux distro would include a free virus scanner as well if there was a larger *user* base.
Linux doesn't need to include a virus scanner by default; Linux doesn't get viruses. But, if you're running a mail server for a LAN that includes Windows machines, there are virus scanners for Linux. But they're just to interface to mail servers because that's all they're needed for.
-
Clam AntiVirus
Clam AntiVirus can scan for windows viruses. I don't know about spyware.
Open Source Linux / UNIX Anti Virus
-
Re:Paul thurrott blames *ix for MyDoom!
Clam Antivirus is a GPL anti-virus scanner that can be set to scan all passing mail.
Oh, and it was the first AV software to have a working definition of MyDoom (which they labeled "Worm.SCO.A") - faster than all of the commercial antivirus vendors.
Chalk another one up for Open Software. Working together you can analyse virus code faster!
Well shit, who would have thought it...
-
Open Source Virus Scanner caught it
ClamAV, the Open Source virus scanner, caught it on our email gateway this afternoon, whilst McAfee's uvscan with the 4319 DATs didn't find a thing.
A big thanks to the ClamAv team.
Phil
-
Re:You guys are amazing...
I use Postfix + amavisd-new + ClamAV on Debian stable with an official Postfix backport for stable and a couple of other modifications, probably.
Here's the appropriate configuration change.
Edit /etc/amavisd/amavisd.conf and change the $viruses_that_fake_sender_re variable to include "Worm.SCO" (and all its variants; ClamAV detects this virus as "Worm.SCO.A"). The proper Perl notation would be, e.g., from
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
  qr'swen|gibe|mimail'i,
);
to
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper'i,
  qr'swen|gibe|mimail|worm\.sco'i,
);
Save, /etc/init.d/amavis reload, go get some coffee, pat yourself on the back.
Some stats:
# zgrep Worm.SCO.A mail.log.1.gz|wc -l
1840
# grep Worm.SCO.A mail.log|wc -l
7679
(mail.log.1.gz is the mail log that was rotated this morning at 6:25 AM BRST (8:25 AM UTC/GMT).)
I suggest that you check this solution out, it might ease your pain.
-
Re:Finally! ...now for a bit of help...
-
Mid-week? WTH?
I had this worm yesterday AND Clam AntiVirus (free open-source AV utility that works great with mail servers) already knew about it.