How much you want to bet that they either #1 didn't bother to update the definitions #2 aren't telling people that they have some sort of connection or agreement with one of the big vendors? This like FUD to the extreme. I run ClamAV alone here and it has yet to let a single virus through. -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org
The AHBL - http://www.ahbl.org ----- Original Message ----- From: "Alex Pleiner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 04, 2003 1:34 PM Subject: [Clamav-users] ClamAV in the news: heise.de > Hiya, > > ClamAV is in the news. Today heise.de published an article about web.de > and there new use of ClamAV. That article (in German) can be found at: > > http://www.heise.de/newsticker/data/hob-04.12.03-000/ > > For all non-Germans of you I made a quick translation of the German > text. Please, I do not share any of those opinions, I repeat, I do not > share any of those opinions. I just thought, you should know what > heise.de is writing. > > -----snip----- > > web.de want to protect email users against malicious code > > web.de[1] has added virus protection to it freemail service for all > its customers. As the company stated, all incoming emails will be > tested against viruses, worms and trojans on user request. Infected > attachments will be removed or moved to a spam folder called > "unwanted". > > In a short test by heise online the new service did not recognize all > viruses and worms. Supprised by this result, we asked the company, > what software they use. web.de uses two tools for virus scans: > outgoing mails are checked by F-Secure-Scanner[2], incoming mails are > scanned by the Open-Source-Software Clam AntiVirus[3]. While F-Secure > was able to stand a test in c't [German Computer Magazine by heise] > [4], the alpha version 0.54 of ClamAV failed as a result of its low > recognition rate of viruses and worms. > > To its customers web.de explained today that the scanner provides an > effective protection of their mail account and PCs. This looks delusive > after the c't test. Therefore heise online asked the anti virus expert > Andreas Marx[5] of university Magdeburg to re-check the version 0.65 of > ClamAV supposably used by web.de. > > The results: Of 716 widely spread Viruses from the current > "wildlist"[6] ClamAV only recognised 242, that is a quote of > 33,8%. "You cannot call the virus protection of ClamAV as such", Marx > commented the result. Every commercial virus scanner gets a > recognition rate of 99 to 100 percent in these tests. Because ClamAV > does not include a code emulation it is currently useless against > polymorphic viruses. In the test it recognised 0,3 percent of the > 70,000 tested files. For comparison: scanners from Symantec, Network > Associates/McAfee, Trend Micro and other companies do find all 70,000 > infected files. An OLE2 engine is also missing, so the scanner misses > practically all macro viruses. > > It was noticeable that ClamAV often triggered false positive: of 5000 > clean files that he checked with ClamAV, more than 50 were detected as > virus infected, Marx explained. He attributed these false positives to > the bad quality of the signature database of ClamAV. > > Experts like Marx expressly point out that the Open-Source-Project > ClamAV is currently in alpha stage and should not be used in > production environments as the only virus scanner. web.de is doing the > developers of ClamAv and there own customers a disservice. The company > itself argues that they have resulted ver good recognition rates with > internal tests. > > [1] http://www.web.de/ > [2] http://www.f-secure.com/ > [3] http://clamav.elektrapro.com/ > [4] http://www.heise.de/security/artikel/39978/0 > [5] http://www.av-test.de/ > [6] http://www.wildlist.org/ > > ----snip-------------- > > Alex > > -- > Alex Pleiner > zeitform Internet Dienste Fraunhoferstrasse 5 > 64283 Darmstadt, Germany > http://www.zeitform.de Tel.: +49 (0)6151 155-635 > mailto:[EMAIL PROTECTED] Fax: +49 (0)6151 155-634 > GnuPG/PGP Key-ID: 0x613C21EA > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > _______________________________________________ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
