[clamav-users] How can Clam/Cisco be so irresponsibly reckless and nonchalant to Windows users?

Groach groachmail-stopspammingme at yahoo.com
Wed Feb 17 14:40:34 UTC 2016


Hello

Ok, in short you know about the disaster last week where a single 
signature was issued by ClamAV that literally BROKE people's Windows 
systems (PCs, Servers....).  Many suffered, some reported and I myself 
was one that had my mail server halted in its tracks (and my business's 
email operation) due to the rogue definition wrongly removing various 
EXE and DLLs.

http://forums.clamwin.com/viewtopic.php?p=18970#18970
http://forums.clamwin.com/viewtopic.php?t=4368

This prompted the usual 'loyal' moderators of the Clamwin forum to declare 
that "ClamAV doesn't test signatures on Windows systems" and that it is 
dangerous to use it as such (suggesting a more liable product should be 
sought).

This comes after a year of me constantly suffering False Positives with 
their definitions (often but not limited to the same range of files 
and programs) often changing the 'signature' and becoming a new False 
Positive just days after rectifying a report of an old one.  And this is 
if you are lucky enough to get the FP rectified in the first place:

FYI:
https://www.virustotal.com/en/file/ca8ee2783cdfe60ebcfbe1991ffbd952dc7c2bbab375b1e0f8f85b2a32d5a803/analysis/1455646006/ 
3½ months old
https://www.virustotal.com/en/file/14aff6171866b62575af7f71febd172727503aef58182443d7ebdca11d61a458/analysis/1455646242/ 
17 months old!
https://www.virustotal.com/en/file/fcc639ddaf9b671fd1efdd70ad5a9358a18e9b3acd0e89f819a561933583c178/analysis/1455646471/ 
2½ months old.

All were uploaded to Clam as viruses (after being tested on VT) by me at 
the time of receiving them. Can you imagine the damage done in 17 months 
by those reliant on Clam?

You can see further 'testing' I did to prove the effectivity of the Clam 
signature team on dealing with FPs here: 
http://forums.clamwin.com/viewtopic.php?p=18890#18890 which (if you 
follow that thread) went on to show it took 12 days for them all to be 
rectified.

After this test, the frustration of the recent years of having to keep 
repeating the FP reports (usually for the same programs) with different 
signatures, and then the recent mail server killing weekend, I concluded 
that Clam on a Windows system is just one broken rung above the ground of 
useless (and equally as precarious), concluding that it must only ever be 
run in REPORT MODE, have 'Memory Scan' turned off (in the case of 
Clamwin) and, to be any use, must be supplemented by decent 3rd party 
signatures such as Sanesecurity that issue signatures for REAL threats, 
in a decent worthy time that they might actually serve to protect 
(instead of being issued days, weeks or MONTHS (or never!) after the 
threat was released and at its most dangerous).

I now only use ClamAV (WITH Sane definitions to make it effective!) as 
an incoming mail scanner and leave all other levels of antivirus 
security in the hands of the professional suppliers (Bitdefender, Avira, 
etc) and find it impossible to recommend it any more for any other form 
of protection.

Many people will have been stung by last week's events and have been 
turned off from the product - as a parent company CISCO should be 
concerned about this.

This post isn't just here for a moan, it is here for a point of view and 
genuine questions of concern that I would like to hear responses for 
(specifically from Joel and anyone that considers themselves 
responsible for Clam):

1,  Given that the Linux world usually (narrow mindedly) declares itself 
as a superior and safer OS to Windows in that "it doesn't get virus 
attacks", and therefore antivirus software really has a purpose for 
defending against WINDOWS attacks, then why oh why aren't they more 
embracing and open-minded to the plight of the Windows user (being more 
responsive and proactive)?

2,  HOW CAN CISCO allow such sloppy definitions to be issued that 
potentially KILL systems?  If this was a corporation, where the 
customers had PAID for their services, they would be in a world of 
trouble.  It certainly doesn't do Cisco's reputation any good at all (and 
it seems they do not care).  Nor does it do Clam's reputation any good.  
Why is there not any quality control?

3,  Why are signatures not tested against known Windows systems before 
being issued?  (I'm sure Cisco can provide a server in a corner of a room 
that has the standard installation files of the various Windows versions 
on it).

4,  Absolving yourselves from any liability of damage caused by using 
Clam or its various incarnations (in some EULA) does not absolve you 
from responsibility of care.  Do you agree?

Remember, this is about ClamAV signatures and a question of 
responsibility of those signatures by the owning company, so the point 
of me and others using the Clamwin port is irrelevant.

I look forward to some considered response.

Jim
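The kind of pre-deployment check point 3 asks for, applied on the receiving side: stage the signature update, scan a corpus of files the site has already verified as clean, and only promote the new database if nothing in that corpus is flagged. This is an added example, not code from the post or the ClamAV project; it assumes freshclam and clamscan on PATH and a GOLDEN_DIR the administrator maintains (the directory names and the sample report are constructed).

```shell
#!/bin/sh
# Gate a ClamAV signature update on a scan of known-clean files, so a bad
# definition is caught in staging rather than on a production mail server.
# Assumed (not from the post): freshclam/clamscan on PATH and a GOLDEN_DIR
# holding copies of the EXE/DLLs this site has verified as clean.
STAGE_DIR=${STAGE_DIR:-/var/lib/clamav-staging}   # where new CVDs are fetched
LIVE_DIR=${LIVE_DIR:-/var/lib/clamav}             # database dir clamd uses
GOLDEN_DIR=${GOLDEN_DIR:-/srv/clamav-golden}      # known-good corpus

# Read a clamscan report on stdin and print the paths it flagged
# (clamscan prints "path: SignatureName FOUND" for each detection).
flagged_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Read a clamscan report on stdin; succeed only if the summary line says
# "Infected files: 0". A missing summary counts as a failure, not a pass.
report_is_clean() {
    n=$(sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p')
    [ "${n:-1}" -eq 0 ]
}

# Fetch signatures into the staging dir, scan the golden corpus with them,
# and copy them live only when nothing in the corpus is flagged.
stage_and_promote() {
    mkdir -p "$STAGE_DIR"
    freshclam --datadir="$STAGE_DIR" --quiet || return 2
    report=$(clamscan -r --database="$STAGE_DIR" "$GOLDEN_DIR" 2>&1)
    if ! printf '%s\n' "$report" | report_is_clean; then
        echo "staged signatures flag known-clean files, NOT promoting:" >&2
        printf '%s\n' "$report" | flagged_files >&2
        return 1
    fi
    cp "$STAGE_DIR"/*.c[vl]d "$LIVE_DIR"/ && echo "signatures promoted"
}

# Constructed sample report (not real clamscan output) so the parsing
# functions can be exercised on a host without ClamAV installed.
SAMPLE_REPORT='/srv/clamav-golden/bin/tool.exe: Win.Trojan.Example-1 FOUND
/srv/clamav-golden/bin/helper.dll: OK

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 1'

# Run the real gate only when invoked as: sh update-gate.sh --run
if [ "${1:-}" = "--run" ]; then
    stage_and_promote
fi
```

Running it from cron before clamd picks up a new database turns a signature like last week's into a refused update and a log line instead of deleted files.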
