Seemingly, it may not be directly related to this forum but the debate going on in tidbits should be of interest to posters here who by the look of it are in the thick of it all and probably experts in the field. They should look especially at item 23 by Randy B Singer of March 31, 2008. Although Singer is only talking about mac programers and universities and so on, I believe, Clamav experts should also get into this equation:
[23. Re: Should Mac Users Run Antivirus Software? Message #19: Re: Should Mac Users Run Antivirus Software? Posted by: Randy B. Singer Date: Mar 31, 2008. A discussion of the free ClamXav anti-virus application may be in order. ClamXav http://www.clamxav.com/ is a Mac port of the UNIX anti-virus program ClamAV http://www.clamav.net/ Mac users download ClamXav and think that it is protecting them from all known Mac malware, such as Trojan Horses, scareware, etc. But it isn't. On Macintouch the developer of ClamXav admitted that he doesn't know how to write and add anti-virus definitions for ClamAV's database (which is what is used by ClamXav). And the ClamAV folks are not members of the alliance that the commercial Mac anti-virus application developers belong to, where, when they identify and aquire a copy of a new malware threat, they share it with each other in order to quickly analyze it and create new definitions for their respective products. So the ClamAV folks don't appear to have access to all existent Mac malware, which is a problem because most of it can be quite hard to find. As a result no one appears to be consistently adding new definitions for Mac malware to ClamAV's database. You can search the ClamAV database here: http://clamav-du.securesites.net/cgi-bin/clamgrok As a test, do a search for, for instance, for "Macintosh", or for one of the known (though very rare) Macintosh Trojans, for instance: "Opener" or "Renepo," and see if anything shows up. (Nothing will.) What this means is that ClamXav doesn't look for much in the way of Macintosh-specific malware. non-windoze viruses I fear that ClamXav lulls many Mac users into thinking that they are protected from all Mac malware, when they aren't. It isn't even clear that, if a very malicious and highly infectious Mac virus were to suddenly appear on the scene, that there is anyone who would be adding a definition for it to the ClamAV database. Ideally, folks in the Macintosh community with some programming knowledge would get behind the ClamAV project, form some sort of alliance with Mac users at universities and in other large usage settings to quickly identify and capture Mac malware threats for analysis, and write and submit Mac-specific definitions for ClamAV as necessary. ClamXav has the potential for filling the niche once occupied by Disinfectant. But until folks in the Mac community get behind it, it is sort of a paper tiger.] The whole discussion can be read at http://db.tidbits.com/ Cheers _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
