(OT) Does anyone use FOSS Virus Scan?

[Jason Stephenson]

Bill McGonigle wrote:

> 
> Response time from the ClamAV team has been measured to be lower than  
> commercial vendors in many cases (virustotal I think was the source  
> on that) - that's not an issue to worry about.

I want to add that ClamAV has often caught stuff that Symantec running 
our our desktops did not even know about, yet. ClamAV gets constant 
updates, and it is recommended that you update your definitions at least 
twice a day, though checking every other hour is not unheard of. You are 
lucky to get daily (or even weekly) updates from most commercial AV vendors.


[Deletia]

> and there's a project to tag phishing and mail scams using ClamAV  
> signatures.

I have never had a virus, worm, or Trojan get through ClamAV. I have 
reported a couple of phish emails that got through the filter in the 
past. In most of the cases, they were added to the definitions within 
hours of being reported. In a couple of cases, someone else beat me to 
reporting the same phish.

The phish check is optional. There's a configuration option to disable 
it. It is on by default, though, and I have found it catches more than 
the virus/worm/trojan definitions do on both of my mail servers.

Probably one of the coolest features of ClamAV is that it is written 
entirely in standard C. You can compile it and use it pretty much 
anywhere you have a C compiler.

Oh, and 0.91.1 just came out, so if you're running an older version, it 
is time to update.


Cheers,
Jason