[Snort-users] OT New information about clamav

Paul Schmehl pauls at ...6838...
Fri Feb 20 12:26:02 EST 2004


----- Original Message ----- 
From: "Matt Kettler" <mkettler at ...4108...>
To: "Paul Schmehl" <pauls at ...6838...>; <snort-users at lists.sourceforge.net>
Sent: Friday, February 20, 2004 9:33 AM
Subject: Re: [Snort-users] OT New information about clamav


> At 03:10 PM 2/19/2004, Paul Schmehl wrote:
> >However, it has come to my
> >attention just today that the developers of clamav recently corrected a bug
> >that effectively disabled detection of all polymorphic viruses.  This should
> >*dramatically* impact the results of testing clamav against the ITW viruses,
> >so I have requested that the test be rerun.
>
> Important detail for you... The bug which disabled detection of polymorphic
> viruses was never in a stable release of clamav. The bug only appeared in
> development snapshots newer than clamav-20031201.

Which explains why the new test produced similar results.  55.8% of ITW
viruses were detected by clamav.  Readers must keep in mind, however, that
clamav does not detect boot viruses or macro viruses, so it will never score
as high on these ITW tests as commercial scanners that are designed to
detect everything.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
