Slashdot Mirror


ClamAV For Windows Open Beta Begins

An anonymous reader writes "The public beta for ClamAV for Windows 3.0, which includes full integration of the ClamAV engine into the Immunet Protect product, is now open. If you are interested in playing with ClamAV for Windows 3.0, please see these forums. 32-bit and 64-bit versions are available for download. ClamAV for Windows should not be confused with ClamWin, a separate project."

26 of 127 comments

  1. Huh... by amnesiacopera · · Score: 5, Funny

    Will it run on Windows 3.1 as well?

    1. Re:Huh... by Anonymous Coward · · Score: 2, Informative

      himem.sys is what allows you to load stuff into extended memory, thereby providing more free conventional memory. You would never need to make extra space for it.

  2. Editing mistake? by froggymana · · Score: 5, Informative

    From TFA "ClamAV 3.0 for Windows Open Beta", not "ClamAV for Windows 3.0" as the summary states.

    --
    "To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
    1. Re:Editing mistake? by Shikaku · · Score: 2

      It's not incorrect to say ClamAV for Windows 3.0, but it's much less confusing to say ClamAV 3.0 for Windows.

  3. What is the Immunet product and why should we risk by Anonymous Coward · · Score: 4, Funny

    Could someone enlighten us what the Immunet product is? Their web page is so full of cloud computing and other buzzwords that I can't see what's different from other vendors' tools.

  4. Re:Clam. What's that? by KugelKurt · · Score: 5, Funny

    An anti virus application for Windows 3.0

  5. ClamAV is a big deal by iYk6 · · Score: 4, Informative

    ClamAV is an open source anti-virus. That's a pretty big deal, considering it is the only one. Or at least, the only one that is complete and still maintained.

    Were you being sarcastic, or did I miss a joke?

    1. Re:ClamAV is a big deal by rubycodez · · Score: 4, Informative

      ClamAV's main use is the Unix/Linux/BSD version for running on mail servers, but it also has the cool mode of scanning directory trees on Samba file servers for Windows clients. The virus definition databases it uses are updated multiple times a day and are automatically downloaded. I have several customers that have been using it for years; it does catch the bad wares and moves bad files to a holding directory. It understands the common archival and compression, executable, and document formats.

      http://www.clamav.net/lang/en/about/

    2. Re:ClamAV is a big deal by black6host · · Score: 2

      First, I think you took my part about access a bit too literally. Of course files should be scanned upon first encounter. Second, if files get on a system with a new exploit that hasn't hit the virus def file yet, I'd rather it get caught at some point, and in the real time protection scenario it will be picked up on access if it's not caught sooner (provided the virus defs have been updated to pick it up.)

      Lastly, no need for swearing and all those caps. One can make a point without doing so and polite discourse is my preferred mode of communication. Of course, it takes all types and the net certainly makes it easy to do as you please. One does not stay a member of most forums on the net without a thick skin though so have your say :)

    3. Re:ClamAV is a big deal by hairyfeet · · Score: 2

      If you need a good free AV for a place with over 10 (or hell anyplace for that matter) might I suggest Comodo AV or Internet Security? As you can see from this chart they will have all the major features and will only be lacking in having the live tech support, which frankly if they just stick to the defaults (or have you or someone knowledgeable do the tweaking if they want it customized) they will be just fine.

      I have given both Comodo IS and MSFT SE to clients and the only real differences I've found are these: Comodo will take about a week to learn their apps, whereas MSE will "just launch" without question. Comodo by default uses a sandbox on all apps (unless told otherwise) which means if they use one or two heavy resources apps you'll want to tell Comodo not to sandbox those, whereas MSE doesn't sandbox anything.

      So in conclusion Comodo IMHO has a little better security, while MSE never asks questions of the user. But considering most questions will be asked by Comodo in the first week, and consist of "did you just launch (name of app)?" it doesn't put undue strain upon the user and if you know what software they run frequently even that can be taken care of by you beforehand. And since it doesn't have a business user limit for poor companies it can be a lifesaver. They do have services that even a poor business might want to look into though, such as their server AV or the SSL certs for websites. Overall I've been using this for a couple of years now and have had no complaints and so far not a single PC I've installed Comodo on has come back infected, nor has there been any of those "oops we blocked svchost" kinds of screwups like we've seen from certain other vendors. Try it, it's free, and I bet you'll like it.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  6. ClamAV engine poor at general malware detection by throwaway18 · · Score: 4, Informative

    The ClamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

    The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. ClamWin, which uses the ClamAV engine in a general Windows malware/virus scanner, has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, Kaspersky, Avira paid version, Panda).

    Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

    I do nearly all my browsing in windows virtual machines. The basic firefox only VM is little trouble. A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

    Over the last year I've uploaded a couple of dozen malware .exe's from the web to VirusTotal (mostly attempts to exploit user ignorance that didn't get running on my machine, e.g. desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours; Avira is usually "next day" provided next day is Monday-Friday.
    Half the time ClamWin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
    I have little confidence in another package using the clamAV engine doing any better.

    Also the only real cleanup response for malware arriving by email is 'delete'; removing malware that has installed itself into Windows takes much more work. A lot of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

    1. Re:ClamAV engine poor at general malware detection by Frosty+Piss · · Score: 4, Insightful

      The ClamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

      Maybe end users WANT the freedom to be able to attach executables? Who says all email users (or even most) are like you?

      Now, of course, I'm not talking about the rubes that clicky on any linky or attachment in their email, but you know, *I* want the ability to send *any* type of file I choose to a recipient that might be expecting said file...

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:ClamAV engine poor at general malware detection by Anonymous Coward · · Score: 2, Insightful

      I work for a manufacturing software company and we deliver products by email every day. We rarely have a problem because very few email systems mindlessly delete all executable attachments.

    3. Re:ClamAV engine poor at general malware detection by mspohr · · Score: 4, Insightful

      And unfortunately, the range of attachments which can be considered "executable" (on Windows) is very large. I recently encountered a company that would not accept a PDF file email attachment because of the perceived danger. No doubt the danger is real on Windows but this should prompt some more intelligent countermeasures (such as better pdf readers, virus detection, or getting rid of Windows).

      --
      I don't read your sig. Why are you reading mine?
    4. Re:ClamAV engine poor at general malware detection by bcmm · · Score: 3, Insightful

      These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

      Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    5. Re:ClamAV engine poor at general malware detection by aztracker1 · · Score: 2

      The holes are in the Adobe Acrobat Reader, and exist on Linux as well when using Adobe's reader, which many on Linux don't; just the same, the security hole isn't only in Windows. Also, you can run a botnet node in user space on Linux too.

      --
      Michael J. Ryan - tracker1.info
    6. Re:ClamAV engine poor at general malware detection by fishexe · · Score: 2

      Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

      So, now here comes the interesting tidbit of pedantry. A .doc file cannot, I repeat cannot, contain a macro.

      Are you sure?

      What can contain macros are .dot files, or document templates. The problem is that .dots are virtually identical to .docs, and if you take a .dot and rename it with a .doc extension it will be indistinguishable from a proper .doc file, thus all these macro viruses spread by parading document templates as simple documents. If Word were just smart enough to recognize that it is opening a document template with the extension of ".doc" and throw up an error/warning message, macro viruses would hardly be a problem.

      So how come when I add a macro and hit save, it directly produces a doc that contains a macro? I admit it's been a lot of years since I've done this, but I've never renamed a .dot to .doc or anything like that, yet I've opened up documents to which I've added macros and, lo and behold, the macros were still in there.

      --
      "I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
  7. Wrong way around. by BrokenHalo · · Score: 2

    A way cooler project might be to backport all those nice new viruses to run on Windows 3.x. Just think of all those people who are missing out.

  8. Re:Not getting it. by mick232 · · Score: 2

    It's not enough to install it. You actually have to use it and keep it up-to-date!

  9. I had no idea by Beelzebud · · Score: 2

    that there was a 64 bit version of Windows 3.0!

  10. Re:Clam. What's that? by Atti+K. · · Score: 2

    Yeah, some mod could mod this funny, but it's actually sad but true... for some older ATMs at least. Nowadays I see quite a few running XP (you can see that on the back screen, if the ATM is in a place where you can see its back). But a few years ago I saw a crashed ATM and it had plain MS-DOS. Then I remembered that I had once used an ATM of that particular bank, and that it seemed to me that the fonts looked just like the BGI fonts (Borland Graphics Interface - those who used Borland Pascal/C++ during the '90s know what I'm talking about), so I'm pretty sure that ATM was running plain DOS with some graphical app coded in Borland Pascal or C++ on it.

    --
    .sig: No such file or directory
  11. Re:Windows 3.0 - 64bit by TheRaven64 · · Score: 3, Funny

    I ran Windows NT 4 on a P166, dual-booting with DOS for games. I installed Windows 3.11 in DOS and it was amazingly fast, although running something designed for a 640x480 (16 colour!) display on a 1024x768 screen made it look a bit strange. Running on a modern system would probably be so fast that you'd barely have time to see the UI before you got the first general protection fault...

    --
    I am TheRaven on Soylent News
  12. Re:Will it run on ReactOS? by AndGodSed · · Score: 4, Funny

    Well, first you have to get ReactOS to run...

  13. Re:What is the Immunet product and why should we r by Spad · · Score: 2

    The Immunet Community has over 0 members protected from 0 threats.

    Whatever it is they do, the Immunet Community appears to rely too much on Javascript.

  14. How is this different from ClamWin? by Andrioid · · Score: 2

    I've been using ClamWin (http://www.clamwin.com) for years without any problems. Does anyone know the difference?

  15. Re:Windows 3.0 - 64bit by snowgirl · · Score: 2

    I ran Windows NT 4 on a P166, dual-booting with DOS for games. I installed Windows 3.11 in DOS and it was amazingly fast, although running something designed for a 640x480 (16 colour!) display on a 1024x768 screen made it look a bit strange. Running on a modern system would probably be so fast that you'd barely have time to see the UI before you got the first general protection fault...

    I've been stuck with an interesting dilemma a few times, where I installed a new hard drive into my netbook. Problem is, how do you install the OS? Well, the best option I had available at the time was to boot over the network with a virtual floppy and install DOS 7.0 on the machine. With that, I was actually able to at one point install Win 3.11, but the problem was that none of the drivers worked for the newer hardware, and the hardware had lost enough backwards compatibility to make the drivers that did exist not work. So, I was stuck with a vastly overspeced computer that couldn't even set the resolution above 640x480... :(

    --
    WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS