Jan Pieter: Thanks for balancing out the arguments! I have been trying to convince the upper end folks to accept clamav so I was looking for some good use cases compared to McAfee CommandLine Scanner, since this would be the product I would use from the corporate standard of McAfee.
Since I will be using the scanner on-demand I tested it scanning a simple file and it was 10x slower than ClamAV. I am not really concerned about email viruses as I will be scanning document formats (odt, docx, doc, etc). The speed is another argument that I am trying to put forward as well.

Regards,
Robin

On Thu, Dec 3, 2009 at 10:04 AM, Jan Pieter Cornet <joh...@xs4all.nl> wrote:
> On Tue, Nov 24, 2009 at 04:17:50PM -0400, Robin wrote:
>> I am administering 7 Debian based LAMP servers and am working to get
>> anti-virus to scan uploads as they happen. Since I am a lone sheep in
>> the Microsoft wild of a larger organization I need to prove that Clam
>> is up for the task and at least at par with commercial A/V such as
>> McAfee Commandline Scanner.
>>
>> I have found a few articles stating that Clam is in some cases
>> superior to most of the commercial counterparts.
>>
>> I am looking for feedback and thoughts on this so I can bring my case
>> to the powers that we do not need to dish out $$ to provide virus
>> protection.
>
> Your responses are likely to be biased by asking clamav-users :)
>
> So let me give a slightly more negative argument. ClamAV used to be
> quite fast in responding to virus threats, but is currently pretty slow
> in response to email viruses. We use ClamAV only to scan email on an
> SMTP server(farm) (approx 3E7 msgs/day).
>
> We run 3 virus scanners, and I get daily statistics on the number of
> viruses caught by each scanner, detailing exactly which viruses were
> found by which scanner.
>
> For at least half a year, clamav has been the slowest to respond to new
> threats, usually taking at least a day, sometimes two days, to catch up.
> The number of viruses that ClamAV finds that the others don't, is
> negligible (a handful a day, and those are usually marked as spam
> anyway).
>
> That said, we only use the standard databases, and we disabled phishing
> heuristics (too many false positives). Scanning accuracy might improve
> if you add other malware databases. But I don't want to spend too much
> CPU and memory on ClamAV.
>
> Note that this isn't a complaint - I realise I get what I pay for, but
> given that admin time isn't free either, ClamAV is definitely worse than
> commercial AV products, even if you consider performance/price ratio.
>
> Be aware that YMMV.
>
> --
> Jan-Pieter Cornet <joh...@xs4all.nl>
> !! Disclamer: The addressee of this email is not the intended recipient. !!
> !! This is only a test of the echelon and data retention systems. Please !!
> !! archive this message indefinitely to allow verification of the logs. !!
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

--
Robin
robin.hi...@gmail.com