[EMAIL PROTECTED] wrote:
> Hello all.
> 
> We've had some consultant make the spurious claim that Clam AV only scans for 'windows viruses' and is really only useful for 'scanning email'.
> Despite the fact that I know this to be patently false, is there documentation out there I can slap him with that clearly indicates that the virus defs are for any platform, Linux, windows, Unix, Mac OS X, etc.? I can prove that it scans the file system just by sprinkling a few test viri things out in the file system. Hard to argue with that sort of evidence.
> 
> The rest of it, well, now it's personal.
> 
> -J

I suspect that if a Linux/Mac/Unix virus were in the wild a pattern to find it would be added to the virus data base and made available to all. And you can add your own patterns at any time if you find one before it's available to the ClamAV team. I've never seen a virus for anything but DOS and Windows in the last 20 years, but surely they're out there.

ClamAV is targeted toward mail scanning but it isn't limited to mail scanning. It's not particularly useful for scanning mail that is in mbox form - it will find a lot of false positives because pattern scans don't scan individual messages, but the entire mbox in one pass and pattern run-on will match bits of a pattern in multiple messages and flag the file as dirty when in fact no single message may in fact be dirty.

Unless clamd is running as root it has limited ability to scan an entire file system simply because it hasn't permissions to do so. There are workarounds that use a root-owned process to stream files to clamd, and also alternate configurations that run temporarily as root to allow scanning all files.

Perfect? Nope. Nothing I've used is. Windows centric? Hardly. Can I prove it? Nope. There is nothing in the design that limits it to Windows viruses.

dp
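
Added example, not part of the original message or of ClamAV's own code: a sketch of the "privileged process streams files to clamd" workaround mentioned above, using clamd's INSTREAM command over its local Unix socket. The socket path is an assumption (it is whatever `LocalSocket` is set to in your clamd.conf), and the function names are hypothetical.

```python
import socket
import struct
import sys

CHUNK = 8192  # per-frame size; total data sent must stay under clamd's StreamMaxLength


def instream_frames(fileobj, chunk_size=CHUNK):
    """Yield the byte frames of one INSTREAM session for an open binary file."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        # Each chunk is prefixed with its length as a 4-byte big-endian integer.
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream


def parse_reply(raw):
    """Return (infected, signature_name_or_None); raise on a clamd error reply."""
    text = raw.rstrip(b"\0").decode("ascii", "replace").strip()
    if text.endswith(" FOUND"):
        return True, text.split(": ", 1)[1][: -len(" FOUND")]
    if text.endswith("OK"):
        return False, None
    raise RuntimeError("clamd error: " + text)


def scan_path(path, socket_path):
    """Read path with the caller's privileges and let unprivileged clamd scan the bytes."""
    with open(path, "rb") as fh, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(socket_path)
        for frame in instream_frames(fh):
            s.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            data = s.recv(4096)
            if not data:
                break
            reply += data
    return parse_reply(reply)


if __name__ == "__main__":
    # usage: script.py <file-to-scan> <path-to-clamd-socket>
    print(scan_path(sys.argv[1], sys.argv[2]))
```

Because only file contents cross the socket, clamd itself never needs read access to the file; the process calling `scan_path` does.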