[Snort-users] OT New information about clamav

Paul Schmehl pauls at ...6838...
Thu Feb 19 12:17:07 EST 2004


Normally I wouldn't post something this far off topic to the list, however I
feel an obligation to clarify some issues WRT clamav.  Recently I stated
that clamav only detected about 54% of the ITW viruses in a private test
that I have access to.  This is still true.  However, it has come to my
attention just today that the developers of clamav recently corrected a bug
that effectively disabled detection of all polymorphic viruses.  This should
*dramatically* impact the results of testing clamav against the ITW viruses,
so I have requested that the test be rerun.

I'm also happy to report that AV-Test.org, is now including clamav in their
standard testing, so comparison of results to other scanners should be
publicly available in the future.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/





More information about the Snort-users mailing list