Hi there,
On Thu, 6 Oct 2022, Julia - via clamav-users wrote:
> I have a general question to ClamAV regarding how good ClamAV is.
It's a good question. Most people seem not to ask it.
> On the internet there are a lot of tests with other known products but
> I cannot find any for ClamAV. So, are there any tests or reviews?
I'm slightly surprised you can't find any reviews. I've seen a few
which I wasn't really looking for, and just now when I ran the search
"ClamAV review" there were at least dozens of hits, too many to count.
There are Wikipedia articles, for example
https://en.wikipedia.org/wiki/Comparison_of_antivirus_software which might help your research.
For any individual ClamAV user the value of reviews is debatable for
several reasons. For example there are many options in the ClamAV
configuration; a reviewer might choose options which are different
from those which you choose; a reviewer might have an axe to grind
which you don't; you might be interested in only particular kinds of
threats. Every installation is different. I only scan mail, I never
scan filesystems; others only scan filesystems and never mail. Some
people run Windows boxes, I (usually) don't.
I'd say it's better to make your own assessment of the effectiveness
in real use. You can find some of my own assessments in the mailing
list archives.
> My second question is: Which malwares are in ClamAV's database, only
> for Linux or also for Windows and Android, etc.?
Any and every kind of malware is a candidate for inclusion in the
'Official' ClamAV signature database. ClamAV relies a great deal on
signatures; although it has other ways of detecting threats it can
never really be very much better than the signature database that it's
using, but anyone can submit samples of malware to the ClamAV malware
team - indeed everyone is encouraged to do that. There are numerous
what we call "third-party" signature databases, each of which has its
own set of guidelines. Currently there are 81 files in our ClamAV
database and only three of them are the ClamAV 'official' files.
> Is there a list where you can see all "supported" malwares?
Be careful what you wish for, there are around ten million of them.
Most files in the signature databases are plain text, and most of them
have one signature per line. Many of the lines contain the "name" of
the malware or threat or whatever it is. They aren't all malware, and
the name won't mean very much, it's more or less just an identifier.
It isn't going to be very educational but you can just read them, or
you can for example run 'grep' on a file to count the numbers of some
words contained in it such as 'Win.' (not 'Windows'):
$ grep -a 'Win\.' daily.cld | wc -l
323501
Try also for example 'Pdf' and 'Doc'.
Naming of threats is a perennial problem, there are usually several
names for each threat, some of which are used by several anti-virus
vendors and some by only one or two.
Can you paint us a picture of your application?
--
73,
Ged.
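
Added example, not part of the original message and not ClamAV project code: the grep count above, generalised to a per-prefix tally that reads the name from the field where each text signature format keeps it. It assumes database files already unpacked (for example with `sigtool --unpack`); the function names are hypothetical and every sample signature line is constructed.

```shell
#!/bin/sh
# Added example; every signature line below is constructed, not a real ClamAV signature.

# make_sample DIR: write one small file per signature format into DIR.
make_sample() {
    printf '%s\n' \
        '00000000000000000000000000000001:1024:Win.Trojan.Example-1' \
        '00000000000000000000000000000002:2048:Pdf.Exploit.Example-2' > "$1/sample.hdb"
    printf '%s\n' \
        'Win.Trojan.Example-3:1:*:deadbeef0badf00d' \
        'Unix.Malware.Example-4:6:*:cafebabe00112233' > "$1/sample.ndb"
    printf '%s\n' \
        'Doc.Dropper.Example-5;Engine:51-255,Target:2;0&1;41414141;42424242' \
        'Win.Downloader.Example-6;Engine:51-255,Target:1;0;43434343' > "$1/sample.ldb"
}

# sig_name FILE: print the signature name from each line, by file extension.
sig_name() {
    case "$1" in
        *.hdb|*.hsb|*.mdb|*.msb) awk -F: 'NF >= 3 { print $3 }' "$1" ;;   # hash:size:name
        *.ndb)                   awk -F: 'NF >= 4 { print $1 }' "$1" ;;   # name:target:offset:hexsig
        *.ldb)                   awk -F';' 'NF >= 4 { print $1 }' "$1" ;; # name;tdb;logic;subsig0...
        *) return 1 ;;                                                    # format not handled here
    esac
}

# tally_prefix FILE...: count signatures by the first dot-separated part of the name.
tally_prefix() {
    for f in "$@"; do sig_name "$f"; done |
        awk -F. '{ n[$1]++ } END { for (p in n) print n[p], p }' | sort -k1,1nr -k2
}

# count_prefix PREFIX FILE...: print the count for one prefix (0 if absent).
count_prefix() {
    p=$1; shift
    tally_prefix "$@" | awk -v p="$p" '$2 == p { c = $1 } END { print c + 0 }'
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
tally_prefix "$demo_dir"/sample.*
rm -rf "$demo_dir"
```

Unlike a grep over the whole line, this counts a prefix only when it starts the signature name.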