ClamAV For Windows Open Beta Begins

An anonymous reader writes "The public beta for ClamAV for Windows 3.0, which includes full integration of the ClamAV engine into the Immunet Protect product, is now open. If you are interested in playing with ClamAV for Windows 3.0, please see these forums. 32-bit and 64-bit versions are available for download. ClamAV for Windows should not be confused with ClamWin, a separate project."

Editing mistake?

[froggymana]

From TFA "ClamAV 3.0 for Windows Open Beta", not "ClamAV for Windows 3.0" as the summary states.

ClamAV is a big deal

[iYk6]

ClamAV is an open source anti-virus. That's a pretty big deal, considering it is the only one. Or at least, the only one that is complete and still maintained.

Were you being sarcastic, or did I miss a joke?

Re:ClamAV is a big deal

[rubycodez]

ClamAV's main use is the Unix/Linux/BSD version for running on mail servers, but it also has the cool mode of scanning directory trees on a samba file servers for Windows clients. The virus definition databases it uses are updated multiple times a day and are automatically downloaded. I have several customers that have been using it for years, it does catch the bad wares and moves bad files to a holding directory. It understands the common archival and compression, executable, and document formats.

http://www.clamav.net/lang/en/about/

ClamAV engine poor at general malwre detection

[throwaway18]

The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any forum of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. Clamwin, which uses the clamAV engine in a general windows malware/virus scanner has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, kaspersky, avira paid version, panda).

Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

I do nearly all my browsing in windows virtual machines. The basic firefox only VM is little trouble. A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

Over that last year I'v uploaded a couple of dozen malware .exe's from the web to virustotal, (mostly attempts to exploit user ignorance that didn't getting running on my machine eg desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours, avira is usually "next day" provided next day is monday-friday.
Half the time Clamwin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
I have little confidence in another package using the clamAV engine doing any better.

Also the ony real cleanup response for malware arriving by email is 'delete', removing malware that has installed itself into windows takes much more work. A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

Re:Huh...

himem.sys is what allows you to load stuff into extended memory, thereby providing more free conventional memory. You would never need to make extra space for it.