Discussion:
[clamav-users] ClamAV in production environment
Eljai Mohammed
2016-06-01 11:53:41 UTC
Dear All,

Within the framework of a project for a sensitive client, we would like to
put in place clamAV in order to scan the users’ uploaded files through a
web interface.

Accordingly, we would like to know:
- To what extent is clamAV reliable?
- Do you recommend it in a production environment? If yes, do you have
references that use it in production?
- Is it worth a paid anti-virus (Kaspersky or Symantec)?

Thank you !

Best regards,

Mohammed EL JAI.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Groach
2016-06-01 12:11:55 UTC
Interesting. Asking a ClamAV mailing list how 'reliable' ClamAV is and
whether it should be recommended. (I wonder what kind of answers you
were expecting to receive.)

Well, luckily, I am here and I have experience and no loyalty whatsoever
so will offer an unbiased opinion.

Answer:

DON'T! Don't rely on its default signatures as an inline scanner for
anything that you consider remotely/mildly important to be protected.
At best it will protect/detect SOME threats several days (eventually)
after the initial threat, at worst never.

All is not lost though. The one good thing about Clam is that it does
have the ability for you to use 3rd-party signatures (as well as
creating your own if you feel so inclined). There are 2 main
contributor 3rd-party signature providers ('securiteinfo' and 'Sane
Security') and with one or both of those you will make the product
better than acceptable.

I use Sane Security and after many tests and running it I concluded that
with its definitions it exceeds all other commercial offerings for ZERO
hour threats (and I mean zero "HOUR", not day).

Obviously the main threats to your system are new ones so inoculation to
zero-hour threats is of the utmost importance (more than old threats)
but having them is no good if your system doesn't ACTUALLY DOWNLOAD them
in time. Sane does 1-hour updates as opposed to most other solutions that
do once a day.

Clam does have some good features regarding its technicalities (how
it does things) apparently but all of this is worthless if your
signatures are old.

Just so you know: I use Clam(win) + Sane as an INLINE scanner to a
mailserver along with other precautions (blacklisting of certain
attachments etc) and consider it to be as safe as it will ever be. I
also then supplement by ensuring a more steadfast trustworthy commercial
product (Bitdefender, in my case) exists on the end-user/client
machines. This should be a similar scenario to what you should employ
for upload/attachment checking. BUT YOU MUST USE THE 3RD-PARTY
SIGNATURES. You have been warned.

Without the 3rd-party signatures, you might as well not use it and you
will become very unpopular with your "sensitive customer" very quickly
when they are being asked to pay a ransom to unlock their system (so
don't waste your time). Commercial products, although stronger on their
signature detections, have the same flaw in their update time. So you
could be wasting time (and creating a problem) if you rely on waiting 8
hours for a new threat to be detected.

You can of course always lookup other independent reviews on the
internet (such as https://www.av-test.org/)

That's my opinion, humble as it is, and I stick by it.

Regards
Groach
2016-06-01 12:20:04 UTC
You might be interested in reading COMPLETELY through this thread:
http://lists.clamav.net/pipermail/clamav-users/2016-May/002912.html
Dennis Peterson
2016-06-01 13:04:17 UTC
I've run it successfully in several of Seattle's large ecommerce data centers
for over 10 years. Because of the nearly infinite configurability it
outperformed commercial systems and became a much better fit in RHEL Linux and
Oracle Linux systems, and Sun/Oracle Solaris than the less flexible commercial
systems. Reliability has been very good - it runs autonomously and requires very
little attention.

dp
G.W. Haywood
2016-06-01 17:31:36 UTC
Hi there,
Post by Eljai Mohammed
> Within the framework of a project for a sensitive client, we would
> like to put in place clamAV in order to scan the users' uploaded
> files through a web interface.
I have difficulty in reconciling the concepts of a "sensitive client"
and "users uploaded files through a Web interface".

You could give more information, such as what operating system(s) you
plan to use, and what other software.
Post by Eljai Mohammed
> To what extent is clamAV reliable?
MTBF measured in years on my systems, but see qualification below.
Post by Eljai Mohammed
> Do you recommend it in a production environment?
A qualified 'Yes'. The qualification being that I have only seriously
used ClamAV as a filter (Sendmail milter) for scanning mail, and I don't
care very much about viruses. Even if ClamAV has scanned an attachment
and failed to find anything malicious, if the attachment looks like an
executable it is usually quarantined here by custom MIMEDefang rules,
so the addressee sees only a message saying that an attachment has been
removed from the mail as a precaution.
Post by Eljai Mohammed
> If yes, do you have references that use it in production?
I have used it in production for many years on several mail servers,
and I would guess that many subscribers to this mailing list have
also. There have been occasions when ClamAV updates have caused a few
problems, but my cautious approach to updates (e.g. wait a few weeks)
has generally protected my systems from that kind of thing.
Post by Eljai Mohammed
> Is it worth a paid anti-virus (Kaspersky or Symantec)?
I do not understand the question, and I have very little experience of
the products which you mention. My experience with Symantec has been,
I would say, patchy - but I have only used it on clients' workstations
running Windows XP, Windows Vista and Windows 7. I often use "Jotti's
Malware Scan" to test suspicious files which have been filtered by my
mail filters, not just ClamAV, and I can assure you that NONE of the
malware scanners (including those you mention) in the list on Jotti's
site will give you 100% detection of malicious files.
--
73,
Ged.
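As an added example (not code from ClamAV, from any poster, or from the original thread), here is a Python upload scanner that puts together the two points made above: Groach's warning that an inline scanner is only as good as the signatures and update cadence behind it, and the MIMEDefang rule Ged describes, which quarantines anything that looks like an executable even when the scanner reports it clean. The script speaks clamd's INSTREAM protocol over the local socket instead of shelling out to clamscan, treats any scanner error as a rejection (fail closed), and checks the file's content rather than its extension. The socket path, the magic-byte table and the policy strings are assumptions for illustration; the sample files and canned clamd replies at the bottom are constructed so the script runs without a daemon.

```python
"""Scan an uploaded file with clamd over its local socket and apply an
upload policy that quarantines executable-shaped files even when clean."""
from typing import Optional, Tuple
import socket
import struct

# Assumed socket path (the Debian/Ubuntu default); match LocalSocket in clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"
CHUNK_SIZE = 4096

# Content-based (not extension-based) markers for "looks like an executable".
# Illustrative table; extend it to whatever your upload policy must catch.
EXECUTABLE_MAGIC = (
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit executable"),
    (b"#!", "script with interpreter line"),
)


def looks_executable(data: bytes) -> Optional[str]:
    """Return a label if the file's leading bytes match an executable format."""
    for magic, label in EXECUTABLE_MAGIC:
        if data.startswith(magic):
            return label
    return None


def instream_request(data: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Frame `data` for clamd's zINSTREAM command: the NUL-terminated command,
    then <4-byte big-endian length><bytes> chunks, ended by a zero-length chunk."""
    parts = [b"zINSTREAM\0"]
    for offset in range(0, len(data), chunk_size):
        piece = data[offset:offset + chunk_size]
        parts.append(struct.pack("!I", len(piece)) + piece)
    parts.append(struct.pack("!I", 0))
    return b"".join(parts)


def parse_reply(reply: bytes) -> Tuple[str, Optional[str]]:
    """Map clamd's reply line to (status, detail).
    'stream: OK' -> ('clean', None); 'stream: <sig> FOUND' -> ('infected', '<sig>');
    anything else (an ERROR line, a truncated reply) -> ('error', text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" OK"):
        return ("clean", None)
    if text.endswith(" FOUND"):
        body = text.partition(": ")[2]
        return ("infected", body[: -len(" FOUND")])
    return ("error", text)


def scan_with_clamd(data: bytes, socket_path: str = CLAMD_SOCKET) -> Tuple[str, Optional[str]]:
    """Send the file to a running clamd and return the parsed verdict.
    Any socket failure is reported as an error so the caller fails closed."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
            sock.settimeout(30)
            sock.connect(socket_path)
            sock.sendall(instream_request(data))
            reply = b""
            while not reply.endswith(b"\0"):  # z-prefixed commands get NUL-terminated replies
                buf = sock.recv(4096)
                if not buf:
                    break
                reply += buf
    except OSError as exc:
        return ("error", f"clamd unreachable: {exc}")
    return parse_reply(reply)


def upload_policy(data: bytes, verdict: Tuple[str, Optional[str]]) -> str:
    """Decide what to do with an upload given the scanner verdict.
    FOUND -> quarantine; scanner error -> reject (fail closed, never fail open);
    clean but executable-shaped -> quarantine anyway; otherwise accept."""
    status, detail = verdict
    if status == "infected":
        return f"quarantine: {detail}"
    if status == "error":
        return f"reject: {detail}"
    shape = looks_executable(data)
    if shape:
        return f"quarantine: executable-shaped ({shape})"
    return "accept"


if __name__ == "__main__":
    # Constructed uploads paired with constructed clamd replies, so this runs without a daemon.
    samples = {
        "report.txt": (b"quarterly figures\n", b"stream: OK\0"),
        "invoice.pdf": (b"MZ\x90\x00 renamed .exe", b"stream: OK\0"),
        "setup.bin": (b"\x7fELF\x02\x01", b"stream: Eicar-Test-Signature FOUND\0"),
        "huge.iso": (b"\x00" * 16, b"INSTREAM size limit exceeded. ERROR\0"),
    }
    for name, (content, canned_reply) in samples.items():
        print(f"{name}: {upload_policy(content, parse_reply(canned_reply))}")
```

The scan is only as good as the database clamd has loaded, so this belongs behind the third-party signature feeds and hourly updates discussed earlier in the thread. Note that clamd enforces a stream size limit (StreamMaxLength in clamd.conf) and answers an over-size stream with an ERROR line rather than a verdict; the policy above rejects in that case instead of letting the upload through unscanned.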
Paul Kosinski
2016-06-01 23:42:18 UTC
I lost trust in Symantec (and maybe others) when they didn't flag the
infamous Sony rootkit (on music CDs) as malware. Even the US DHS took
Sony to task for compromising Windows computers with their buggy DRM
software, which, even if it weren't buggy, was an uninvited install.

(Corporate solidarity trumps computer security?)


On Wed, 1 Jun 2016 18:31:36 +0100 (BST)
"G.W. Haywood" <***@jubileegroup.co.uk> wrote:

[...]