You should remind your security dept that ClamAV is owned and maintained by Cisco.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

"However, as a bank, our security department do not like to use such
free opensource initiatives."

Do they realize that (as far as I know) essentially all commercial
software (that you pay for) has a clause in the EULA disclaiming any
liability for *consequential* damages. In other words, if the bank
loses millions because "Expensive Anti-Malware Package" (fictional
product), with 24/7/365 phone support, fails to stop an attack, that's
just tough luck for the bank.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrt

1: clamav is open source
2: clamav does not need cisco signatures

what to loose here ?

if banks would compiled clamav self, and add own trusted signatures
there would be no loose anywhere

compareing to closed source alternatives i still dont get it :(

ftw: clamav-milter can run in tag only mode so later processing can use
that tags for more in deep trouble problem resolving

but clamav it self will not remove virus either its just a very
powerfull scanning engine
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

For instance, since years, it is part of and used on Apple OS X Server, see:

http://opensource.apple.com/release/os-x-server-302/
http://opensource.apple.com/source/clamav/
https://opensource.apple.com/tarballs/clamav/

Further:
Any major Linux distro and Linux enterprise distro (openSUSE/SUSE Enterprise Linux, Fedora/Red Hat Enterprise Linux, Debian, Ubuntu, etc.) has it as part of its distro or at least in its repository for standalone usage or integration with the local MTA, the latter when used as an email gateway.
Even the Red Hat based Oracle Linux: https://docs.oracle.com/cd/E19563-01/819-4428/gebiv/index.html

Further:
Wikipedia (en): Clam AntiVirus: Platforms
https://en.wikipedia.org/wiki/Clam_AntiVirus#Platforms

Additionally:
Also, Mozilla uses clamav as part of their build servers to let auto-check their fresh built binaries against malware before publishing and distributing them.
Hints (sorry, there may be better sources, but ad hoc no better sources found):

https://hg.mozilla.org/build/puppet/rev/ac2ad14a1254
https://github.com/mozilla/build-puppet/blob/master/modules/disableservices/manifests/slave.pp
https://wiki.mozilla.org/ReleaseEngineering/Buildduty/SVMeetings/Aug24-Aug28

Do they also realize that (and I can guarantee it that) they are using “free open source initiatives” all over their bank?
--
Joel Esler
Manager, Talos Group




On Apr 18, 2016, at 7:33 PM, Paul Kosinski <clamav-***@iment.com<mailto:clamav-***@iment.com>> wrote:

"However, as a bank, our security department do not like to use such
free opensource initiatives."

Do they realize that (as far as I know) essentially all commercial
software (that you pay for) has a clause in the EULA disclaiming any
liability for *consequential* damages. In other words, if the bank
loses millions because "Expensive Anti-Malware Package" (fictional
product), with 24/7/365 phone support, fails to stop an attack, that's
just tough luck for the bank.


On Mon, 18 Apr 2016 15:13:29 +0000 "Retailleau, Damien (GE Capital)"
<***@ge.com<mailto:***@ge.com>> wrote:

Hi ClamAV users,

We are, at GEMB France, currently looking for a solution to scan
files upload on our partner portal (Java Development). To do that we
have proposed to use ClamAV. However, as a bank, our security
department do not like to use such free opensource initiatives.

To make them adopt ClamAV, I show them shadow server statistics. To
go further, I would like to give them an overview of some business
companies that already use ClamAV successfully. However, I did not
found such information on ClamAV web site.

So I would be interested if any one of you have such a piece of
information about ClamAV usage in business companies.

Thank for all,

Regards

Damien Retailleau
Solution Architect
GE Money France & DOM
1 Rue du Chateau de L'Eraudiere, IDAHO
44300 NANTES

Tel : 02 51 89 54 84

GE Imagination at work

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/conta

My personal experience show that when IT teams cames with these 'we
don't like free/open source software', it actually means they will NOT
accept that solution, no matter how much data you gather to prove that
that would be a great solution.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
***@solutti.com.br
My SPAMTRAP, do not email it



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

indeed, its free so it must be very bad since alternatives cost money

but i say that clamav engine does not forbid to remove cisco signatures
and build own signature databases, if such signatures turns out to be
very good signatures banks can submit them to cisco so it can be in
daily. database later

here i have learned enough to make my own local.cud database file with
all my own signatures in, i keep that private since its of no use
outside of localhost
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On Apr 19, 2016, at 8:15 AM, Leonardo Rodrigues <***@solutti.com.br<mailto:***@solutti.com.br>> wrote:

Em 18/04/16 12:13, Retailleau, Damien (GE Capital) escreveu:
Hi ClamAV users,

We are, at GEMB France, currently looking for a solution to scan files upload on our partner portal (Java Development). To do that we have proposed to use ClamAV. However, as a bank, our security department do not like to use such free opensource initiatives.


My personal experience show that when IT teams cames with these 'we don't like free/open source software', it actually means they will NOT accept that solution, no matter how much data you gather to prove that that would be a great solution.


True.

--
Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group
http://www.talosintel.com
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml