Interesting. Asking a ClamAV mailing list how 'reliable' ClamAV is and whether it should be recommended. (I wonder what kind of answers you were expecting to receive).

Well, luckily, I am here and I have experience and no loyalty whatsoever so will offer an unbiased opinion.

Answer:

DON'T! Don't rely on its default signatures as an inline scanner for anything that you consider remotely/mildly important to be protected. At best it will protect/detect SOME threats several days (eventually) after the initial threat, at worst never.

All is not lost though. The one good thing about Clam is that it does have the ability for you to use 3rd party signatures (as well as creating your own if you feel so inclined). There are 2 main contributor 3rd party signature providers ('securiteinfo' and 'Sane Security') and with one or both of those you will make the product better than acceptable.

I use Sane Security and after many tests and running it I concluded that with its definitions it exceeds all other commercial offerings for ZERO hour threats (and I mean zero "HOUR", not day).

Obviously the main threats to your system are new ones so inoculation to zero-hour threats is of the utmost importance (more than old threats) but having them is no good if your system doesn't ACTUALLY DOWNLOAD them in time. Sane does 1 hour updates as opposed to most other solutions that do once a day.

Clam does have some good features regarding its technicalities (how it does things) apparently but all of this is worthless if your signatures are old.

Just so you know: I use Clam(win) + Sane as an INLINE scanner to a mailserver along with other precautions (blacklisting of certain attachments etc) and consider it to be as safe as it will ever be. I also then supplement by ensuring a more steadfast trustworthy commercial product (Bitdefender, in my case) exists on the end-user/client machines. This should be a similar scenario to what you should employ for upload/attachment checking. BUT YOU MUST USE THE 3RD PARTY SIGNATURES. You have been warned.

Without the 3rd party signatures, you might as well not use it and you will become very unpopular with your "sensitive customer" very quickly when they are being asked to pay a ransom to unlock their system (so don't waste your time). Commercial products, although stronger on their signature detections, have the same flaw in their update time. So you could be wasting time (and creating a problem) if you rely on waiting 8 hours for a new threat to be detected.

You can of course always look up other independent reviews on the internet (such as https://www.av-test.org/).

That's my opinion, humble as it is, and I stick by it.

Regards



On 01/06/2016 13:53, Eljai Mohammed wrote:
Dear All,

Within the framework of a project for a sensitive client, we would like to
put in place clamAV in order to scan the users’ uploaded files through a
web interface.

Accordingly, we would like to know:
- To what extent is clamAV reliable?
- Do you recommend it in a production environment? If yes, do you have
references that use it in production?
- Is it worth a paid anti-virus (Kaspersky or Symantec)?

Thank you !

Best regards,

Mohammed EL JAI.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
