I'm becoming quite disillusioned with ClamAV. In the last five years,
ClamAV which is installed on my email server, has failed to detect a
single piece of malware on the system before that malware ceases to be
in email circulation. Not one, out of thousands. And I'm not talking
about encrypted zip files, or containers it still doesn't even support.
And I will dutifully submet some of the egregious samples of straight-up
malware which are then just as dutifully ignored. I sometimes keep a
piece around for a few weeks, watch the detection rate on VirusTotal
climb to 95% of all scanners, while ClamAV remains blissfully silent. I
remember when the submission form asked for how many other platforms
detected it, and when reports actually got signatures disted out in a
day. Now, I sometimes submit over and over, and have yet in the last
two years to see a submission lead to a signature. Years ago someone
tried to inject a malware script through my WordPress. Interestingly,
this malware detected on Windows ClamAV but not in Linux, its natural
habitat. I tracked it down to case differences and then realized that
there were then thousands of malware scripts that would detect in
Windows and not on the actual systems they were written for. I believe
this problem still exists. I jumped up and down on the mailing lists at
the time trying to get someone's attention, to no avail.
ClamAV has, I'm afraid, become worse than nothing. Nothing doesn't take
up memory, storage space, and execution resources but nets the same
result. Nothing, by definition, doesn't come with that implied "it's
better than nothing" which ClamAV does and clearly isn't.
What can be done as a community to fix this? Is there anything that can
be done? Is it time to fork and abandon?
Thoughts?
Kurt Fitzner
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
