Hi there,

On Tue, 30 Mar 2021, María Belén Bonino via clamav-users wrote:

> Are there any independent testing results to show the current ClamAV detection rate?

You will get better answers if you ask better questions. :)

What are you looking to detect? In what body of data? Do you treat zero-day threats separately? Do you take precautions specifically to avoid these?

Not exactly very current, but I've posted estimates I've made here in the past which you should be able to find in the archives. There will be better searches you can do, but e.g. search for 'detection rate' at MARC:

https://marc.info/?l=clamav-users&w=2&r=1&s=detection+rate&q=b

and read some of my posts.

I'm generally only looking for spam in mail. I keep fairly well on top of the patching, and thankfully I don't have to manage Windows boxes any more, so malware-type threats aren't very interesting to me and anyway our ClamAV server gets to see precious few of them because of the other defences which precede it in the mail processing.

Having said that I think it's more or less fair to say that at this moment if you exclude my own Yara rules ClamAV is detecting around 25% of the spam, and that detection rate is provided almost entirely by the third-party databases. Predominantly it's Sanesecurity doing the heavy lifting but I don't think you can even rely on that; I don't know what would happen if for example I removed the Sanesecurity databases to see what the others would find. Limitations in the clamd API make it awkward to find out. That's a much-delayed work in progress here, and my wife is giving me grief about crumpets as I write.

If you want to dig more deeply into this then I can let you have some numbers by grepping logs - but it would take some time and I'd first need better terms of reference from you.

-- 
73,
Ged.
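
The kind of log tally mentioned above, as an added example that is not part of the original post or of ClamAV: it groups clamd `FOUND` lines by the database family that supplied the signature, using the `.UNOFFICIAL` suffix ClamAV gives non-official signatures and the `YARA.` prefix it gives YARA rules. The log lines and signature names are constructed, and treating every YARA rule as the operator's own is an assumption.

```python
import re
from collections import Counter

# Constructed clamd log lines (LogTime enabled); signature names are made up.
SAMPLE_LOG = """\
Tue Mar 30 09:12:01 2021 -> instream(127.0.0.1@40112): Sanesecurity.Junk.51234.UNOFFICIAL FOUND
Tue Mar 30 09:12:07 2021 -> instream(127.0.0.1@40118): YARA.local_spam_rule.UNOFFICIAL FOUND
Tue Mar 30 09:13:44 2021 -> instream(127.0.0.1@40131): Sanesecurity.Spam.9981.UNOFFICIAL FOUND
Tue Mar 30 09:15:20 2021 -> instream(127.0.0.1@40150): Win.Test.EICAR_HDB-1 FOUND
Tue Mar 30 09:17:03 2021 -> instream(127.0.0.1@40170): ExampleFeed.Spam.7.UNOFFICIAL FOUND
Tue Mar 30 09:18:30 2021 -> SelfCheck: Database status OK.
"""

# "<target>: <signature> FOUND", with an optional "(md5:size)" suffix that
# clamd appends when ExtendedDetectionInfo is enabled.
FOUND_RE = re.compile(r": (?P<sig>\S+?)(?:\([0-9a-f]{32}:\d+\))? FOUND$")

def source_of(sig):
    """Map a signature name to the database family that supplied it."""
    if not sig.endswith(".UNOFFICIAL"):
        return "official"
    if sig.startswith("YARA."):
        # Assumption: every YARA rule loaded is the operator's own.
        return "local-yara"
    return "third-party:" + sig.split(".", 1)[0]

def tally(log_text):
    """Count FOUND lines per source; non-detection lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FOUND_RE.search(line.rstrip())
        if m:
            counts[source_of(m.group("sig"))] += 1
    return counts

def third_party_share(counts, exclude=("local-yara",)):
    """Fraction of detections from third-party databases, after exclusions."""
    kept = {k: v for k, v in counts.items() if k not in exclude}
    total = sum(kept.values())
    third = sum(v for k, v in kept.items() if k.startswith("third-party:"))
    return third / total if total else 0.0

if __name__ == "__main__":
    c = tally(SAMPLE_LOG)
    for name, n in c.most_common():
        print(f"{name:28s} {n}")
    print(f"third-party share excluding local YARA: {third_party_share(c):.0%}")
```

This gives each source's share of the detections that were logged, not a detection rate: a rate also needs the total amount of spam seen, which has to come from elsewhere in the mail pipeline. A log line names only the signature that was reported, so the tally says nothing about what the other databases would have caught.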