Hi,

In my opinion the heuristic analysis can be split into two big categories:
- signature based
- emulation based

The first category is what all (most of) the AVs have (including ClamAV). This one is used to detect similar code used by different malware versions/strains.

The second category is what a lot (but not all) of the AVs have. The emulators are designed to detect malicious behaviour no matter how much (ideally) the code has changed (packed/obfuscated/etc).

However, please keep in mind that for the most part the AV companies have emulators designed for Windows systems, not Linux (as Windows is much more targeted). This means that, for Linux, most of them will use the same kind of signature based heuristic detection.

And of course, it all depends on how much time the malware authors are willing to spend in order to avoid detection :) They usually target a few AV engines and ignore (kind of) the rest.

In conclusion, ClamAV is pretty good and it keeps getting better.

Hope that helps.

Regards,
Andrei Saygo

> Date: Sun, 12 Apr 2015 12:34:57 -0700
> From: denni...@inetnw.com
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Do you trust the Heuristic Analysis of clamav?
>
> My opinion is well-framed by this Wikipedia page:
> http://en.wikipedia.org/wiki/Heuristic_analysis
>
> To summarize, no, I don't trust best-guesses. Not even mine.
>
> dp
>
> On 4/12/15 4:52 AM, Franklin Wang wrote:
> > Hi guys,
> >
> > I've been collecting reviews about the security software on Linux or
> > BSD, and it's not very well of the review result of clamav. So I
> > installed dr. web several months ago. And the bitdefender for personal
> > may not be comfortable for kernel 3.16.x. What's your opinion?
> >
> > Frank
> >
> > --
> > Skype: touch21st, Gtalk: touch21st, Yahoo/MSN:franklinwan...@yahoo.com
> > Xing/Linkedin: Franklin Wang
> >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml