Hi there, On Sun, 5 Mar 2017, Joel Esler wrote:
On Mar 5, 2017, at 05:46, Erotavlas_turbo wrote: > > whenever it is possible, I prefer to avoid using closed source and > proprietary software... I would like to use it as standard AV for > several cases including mail scanning, real-time file scanning, > web protection ... several components for windows ...
Windows. Hmmm, I suppose you did say 'possible'. :)
> ... exist several proprietary solutions with freeware version > based on clamAV (e.g. Immunet). We make Immunet. It combines a cloud based detection engine with the offline capability of clamav. It's extremely effective and free.
Perhaps it's just my age, but I'm no fan of "the cloud". Having said that, the architecture makes a lot of sense in some applications, and I feel that real-time scanning of untrusted data, perhaps perversely, is probably one of them. Most of us here will be familiar with DNSBL services. I routinely use half a dozen of them myself. However while it's one thing to offer service which supplies UDP query responses to all the mail servers on the planet, striving to do the something rather bigger over TCP for every (well, every Windows) computer on Earth is a very different proposition. For the sake of comparison, the DNSBLs I use vary in average response times from a little under 50ms to a little over 500ms. But there are occasions at busy times when a response takes a few seconds, and this is for (a) client numbers which I guess will be less than one percent of client numbers seen by something serving the world's Windows boxes (b) one single UDP query per message as compared with perhaps several dozen TCP queries while loading a Web page full of assorted, and very possibly malicious, 'monetizing' frippery, and (c) mail. It's just mail, and nobody cares if it takes a few seconds longer to get there. Well there is that one guy in Hastings, but anyway... You can see the sort of thing I see may be necessary (if even then not necessarily sufficient) to protect against a zero-day in 'Edge' if you must talk directly to the machines which are running it in real time. Will it scale? -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
