Sophos Anti-Virus vs. ClamXav
MacBook Pro, Mac OS X (10.6.6)
support your position thomas "second class citizen"
michaelsip4 wrote:
support your position thomas "second class citizen"
I'm not Thomas and I consider the details to be privileged information, so I'll just state that as part of the process of ClamAV® transitioning to a new owner, access to their samples databases by third party contributors has been at least temporarily revoked. I guess maybe that makes Mark a third class citizen. Even what I've shared may be TMI.
I think the point Thomas was trying to make is that even with a new version of ClamXav the real power is in the database which is currently totally owned and operated by ClamAV®. Thomas' testing is limited to determining whether or not his sample database is judged "infected" by the anti-malware product being tested. Clearly the software has to work properly, but the proof is with the accuracy and timeliness of its database. If the signature is wrong or hasn't shown up yet, there will almost certainly be no detection.
There is the possibility that ClamAV® will allow the distribution of privately built additions to the database some time in the future. If that happens, then the OS X community may be able to do a better job of keeping up, but all this presumes the ability to maintain an up-to-date sample database so that signatures can be rapidly developed and distributed. That's not an easy task, either.
Yup, it's that database that is the issue. I actually considered trying to join Mark in his efforts to maintain the Mac definitions, but the obstacles placed in front of me by the ClamAV folks were substantial. I don't envy him the task of working with them.
Thomas, what were the final results of your previous testing? Or, can you just provide the link (assuming your thoughts haven't changed since then)?
For me, I use ClamXav for an "on demand" scanner just scanning files sent to me by other users. I do a Home folder scan once a month however.
With the recent update of the MAINS from ClamAV, that should speed up the daily process of updating.
But you are right, the real test is the definitions file. But, as far as the actual ClamXav app itself, I find it just keeps getting better...
My last test was done in January, and the results are outdated at this point. They are good for historical comparative value, but if you are interested in finding out what malware a specific anti-virus program detects, they're not representative of the current state. I know that ClamXav contains far more definitions now than it did back then.
In any case, the test results are here:
Sophos Anti-Virus vs. ClamXav