Y@uCgAujR453ad wrote:
The two big advantages to Sophos, to me, were that its virus definitions are updated daily and Sophos is a larger firm.
My recollection is that the Sophos app checks for updates once an hour, but I'd have to do some research to see how often updates are actually available.
Although ClamXav is a one-person firm, the ClamAV® scan engine is backed by Sourcefire.
ClamXav on the other hand does not update malware definitions as often.
Currently, the ClamXav app will check daily, if you have that option turned on. It also updates when launched and on-demand with the touch of a button.
On the other hand, ClamAV® updates the malware definitions several times a day, whenever they have a batch ready to go. I just did a quick check of the last twelve days and there were 71 updates of over 50,000 definitions during that time, for an average of almost six updates and over 4,200 definitions a day. Obviously, most of those are Windows definitions, but I have a feeling that as far as frequency of updates is concerned, it's a wash.
ClamXav is a much smaller organization and probably has fewer resources.
As I mentioned before, that is a fact. To take it a step further, it's strictly a hobby for developer Mark Allan, but application updates aren't nearly as important as are the definitions, as you have hinted.
I have no idea how many employees Sophos employs to write definitions, so I'll simply guess that since they are a for-profit company, it's adequate for what they need to do.
I don't have much information about the ClamAV® definitions team, but since they are part of the not-for-profit branch of Sourcefire, I'd guess that they are somewhat under-staffed. Judging from the names I see signing off on the definitions, it would appear that there are three main coders with a few others contributing as required (one of whom is the aforementioned Mark Allan in his "spare" time). I'm also under the impression that they don't have anybody that actively seeks out malware samples, relying, instead, on contributions from VirusTotal.com and users like me (and possibly you). What that amounts to is that most of the commercial firms will be first on the street with updates when a new malware or variant pops up, but there have been a small number of documented firsts for ClamAV® and they have usually matched Apple XProtect updates. In any case, I would give Sophos a solid edge in this area, but mostly for speed in getting new definitions out the door.
Having said all that, there is nothing wrong with having both applications installed, as long as only one of them is enabled for real-time / on-access hard drive watching.