New ClamWin Anti-Virus

  • Thread starter Thread starter Casey
  • Start date Start date
If you read the "about" page, you will notice that it does not have a
real-time scanner in place yet, or a POP3 scanner. This means that the virus
has to be in your machine and be found using a manual scan. Not good! You
want to stop the virus before it gets into your machine, not remove it after
it has infected your machine.

Suggest you consider Kaperski or Nod32 which are the highest rated
anti-virus products for "in the wild" detection.
 
Casey said:
Is anyone using or had experience with the free open
source ClamWare Anti-Virus program? It looks promising.
http://www.clamwin.com/
Casey
Click to expand...

Within the limits described its a fantastic scanner. I'd reccomend it to
anyone as a backup to their normal scanner. Clam AV powers a surprising
number of virus scanners on internet mail gateways.

Rob Moir
 
Cyber said:
If you read the "about" page, you will notice that it does not
have a real-time scanner in place yet, or a POP3 scanner.
This means that the virus has to be in your machine and be found
using a manual scan. Not good!
You want to stop the virus before it gets into your machine
not remove it after it has infected your machine.
Click to expand...

What AV product can scan a file before it is on your your machine?
 
Casey said:
Is anyone using or had experience with the free open
source ClamWare Anti-Virus program?
Click to expand...

A downside of using the compiled binary is the lack of control over the
location of the installation.
 
Guy said:
What AV product can scan a file before it is on your your machine?
Click to expand...

I believe Sophos, Kaspersky, and Panda are able to detect a potential virus
infection as soon as it is in memory - before it is written to disk and
executed. I have witnessed Sophos picking up viruses on remote machines
while access them through remote procedural calls (a few years prior to the
RPC exploit), so I believe some antivirus actually scan the TCP/IP stack as
well.
 
Richard said:
Guy wrote

I believe Sophos, Kaspersky, and Panda are able to detect a
potential virus infection as soon as it is in memory
Click to expand...

Do you not consider memory to be "on your machine"?
- before it is written to disk and executed.
Click to expand...

Written to disk is not analogous to execution.
I have witnessed Sophos picking up viruses on remote machines
while access them through remote procedural calls (a few years
prior to the RPC exploit),
Click to expand...

Sophos was runing on the client machine or on the File or AV server?
Or what was the senario?

I imagine:

Client makes a "give me access to a file" request of the Fileserver.
Fileserver scans file or gives the file path and request to AVserver.
The result determines whether the client will receives access to
the file or a report.
I believe some antivirus actually scan the TCP/IP stack as well.
Click to expand...

Packets must be assembled. Do any AV product use atomic signatures?
One can not "scan the ether",that is the domain of NIDS.

Perhaps I'm wrong?
 
Guy said:
Do you not consider memory to be "on your machine"?
Click to expand...

I do not consider any volatile state to be "on my machine". If a virus
makes any change at all to the contents of my hard drive, whether it be a
service, the master boot record, or some other file - then it is on my
machine.
Written to disk is not analogous to execution.
Click to expand...

Unless the OS times it just right to save a copy of the virus in the
pagefile, there has to be some method of execution directly or indirectly by
the virus. A virus cannot successfully survive long term if it cannot make
it to hard disk (or some other non-volatile media).
Sophos was runing on the client machine or on the File or AV server?
Or what was the senario?

I imagine:

Client makes a "give me access to a file" request of the Fileserver.
Fileserver scans file or gives the file path and request to AVserver.
The result determines whether the client will receives access to
the file or a report.
Click to expand...

Sophos was running on the client machine that was running a 3rd party
utility used to gather information from other clients using full
administrative access without accessing any shares or having any additional
software on the target clients.
Packets must be assembled. Do any AV product use atomic signatures?
One can not "scan the ether",that is the domain of NIDS.

Perhaps I'm wrong?
Click to expand...

http://www.pandasecurity.com/new/test/win2000review.html
Panda Antivirus works alongside Win2K's TCP/IP stack

Only one I could find. Perhaps I'm describing this improperly - I suppose
if you have a really good realtime memory scanner then any recognizable
signature coming out of the tcp/ip stack will be... recognized...
 
Guy said:
I implicate "your machine" includes a mail or antivirus server.
Click to expand...

I don't understand that - - "my machine" has a mail client and AV app - - no servers accepting init packets.

I refer to "smtp.yourisp.com" having the server side AV app running and catching malware files before you can
download them. A scanner running "on your machine" must have some part of the malware available "on your machine"
in order to scan it at all, no?
 
Criminal said:
I don't understand that - - "my machine" has a mail client and AV app - - no servers accepting init packets.

I refer to "smtp.yourisp.com" having the server side AV app running and catching malware files before you can
download them. A scanner running "on your machine" must have some part of the malware available "on your machine"
in order to scan it at all, no?
Click to expand...

Less of an issue too, since the server is usually *nix. Dealing with
Windows malware is perfectly safe. Running WINE as root might be an
exception.

michael
 
Back
Top