[clamav-users] ClamAV comparison

[G.W. Haywood]

Hi there,

On Sun, 9 Jul 2017, Michael Jeung wrote:

Re: ClamAV comparison

> ... A cursory survey of published AV comparisons shows ClamAV being
> outperformed by a lot of other (commercial) products. ...  In terms
> of efficacy, these comparisons seem to rank ClamAV very poorly.  :(

Having used ClamAV for more than a decade, this matches my experience.
Now and then I've posted a few statistics here, search the archives.

> I'm curious if anyone knows the reason why?  Are these tests
> conducted fairly? Do the commercial products - like Sophos or
> BitDefender - have better virus definitions?

I do not know the answers to these questions.  I do suspect that some
organizations apply far more resources, both to the crafting of code in
their products and to the production of definitions, than SourceFire in
the case of ClamAV.  It has to be said that SourceFire sells commercial
products with which a free version of ClamAV might be seen as competing.

My use of ClamAV is possibly not typical, in that my main reason for
using it is access to the so-called 'third-party' signature databases.
For a rather broad definition of 'malicious' these are very effective
in my experience in detecting malicious email content.  It's possible
that the comparisons which you mention ignored third-party signatures,
and even the threats which they address, and that the results might
otherwise have been different.  The Sanesecurity databases, to single
out one particularly good provider, do a pretty good job for me.

-- 

73,
Ged.