[clamav-users] Which anti-virus do you prefer on Linux desktop?
Reindl Harald
h.reindl at thelounge.net
Fri Jan 2 00:55:13 UTC 2015
well, ClamAV != ClamAv, especially in context of a inbound mailserver
where you want to get rid of phishing/fraud and mostly executeables
inside archives *before* they are known to contain malware
http://sanesecurity.com/usage/signatures/
sadly ClamAV on Fedora can't unpack rar-archives and so you should
consider reject them in general
[root at mail-gw:~]$ cat postfix/mime_header_checks.cf
# Reject Attachment Extensions
/^Content-(?:Disposition|Type):(?:.*?;)? \s*(?:file)?name \s* =
\s*"?(.*?(\.|=2E)(386|acm|ade|adp|awx|ax|bas|bat|bin|cdf|chm|cmd|cnv|com|cpl|crt|csh|dll|dlo|drv|exe|hlp|hta|inf|ins|isp|jse|lnk|mde|mdt|mdw|msc|msi|msp|mst|nws|ocx|ops|pcd|pif|pl|prf|rar|reg|scf|scr|script|sct|sh|shb|shm|shs|so|sys|tlb|vb|vbe|vbs|vbx|vxd|wiz|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x
REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1"
Am 02.01.2015 um 01:57 schrieb Franklin Wang:
> Of course, it's wonderful to know more friends with the same hobby. But
> I wonder to know the answer about it for long. The virus db of clamav
> may be the same on the several types of platforms, but the commercial
> softwares maybe not. I copied a result of 'Day0 Summary' from
> shadowserver.org a few days ago, as following:
>
> vendor detected total percent
> Avira (Windows) 164,659 185,034 88.9885
> Comodo (Windows) 115,889 136,109 85.1443
> Eset (Windows) 153,248 182,528 83.9586
> K7 (Windows) 153,676 185,244 82.9587
> Avast (Windows) 147,266 185,226 79.5061
> Avast (Linux) 135,715 170,938 79.3943
> Symantec (Windows) 141,871 182,075 77.9190
> Sunbelt (Windows) 144,019 185,080 77.8145
> Eset (Linux) 142,373 183,664 77.5182
> BitDefender (Linux) 136,308 179,849 75.7902
> BitDefender (Windows) 136,844 184,910 74.0057
> AVG (Windows) 125,048 170,394 73.3876
> Authentium (Windows) 133,643 185,109 72.1969
> Kaspersky (Windows) 104,849 145,413 72.1043
> Avira (Linux) 124,587 177,928 70.0210
> Authentium (Linux) 121,364 179,559 67.5900
> FProt (Windows) 123,574 183,055 67.5065
> Ikarus (Windows) 109,977 164,330 66.9245
> Ikarus (Linux) 110,824 179,525 61.7318
> FProt (Linux) 110,122 180,409 61.0402
> Fortinet (Windows) 102,059 172,655 59.1115
> Clam (Linux) 104,644 179,285 58.3674
> Clam (Windows) 77,253 137,575 56.1534
> McAfee (Windows) 100,531 180,003 55.8496
> Norman (Windows) 91,194 163,996 55.6075
> Lionic (Windows) 93,746 185,134 50.6368
> QuickHeal (Windows) 84,592 168,558 50.1857
> McAfee (Linux) 73,338 146,264 50.1408
> FSecure (Windows) 89,352 181,299 49.2843
> AVG (Linux) 89,843 183,814 48.8771
> QuickHeal (Linux) 84,423 175,364 48.1416
> Sophos (Linux) 66,169 138,320 47.8376
> Microsoft (Windows) 76,974 169,284 45.4703
> GData (Windows) 80,961 184,597 43.8582
> TrendMicro (Windows) 77,177 179,421 43.0145
> Sophos (Windows) 69,207 171,143 40.4381
> TrendMicro (Linux) 49,049 128,919 38.0464
> AhnLab (Windows) 59,945 176,238 34.0137
> Panda (Linux) 35,155 117,398 29.9451
> Norman (Linux) 26,108 128,670 20.2907
> FSecure (Linux) 37,175 184,466 20.1528
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/security/attachments/20150102/3cb2d785/attachment.sig>
More information about the security
mailing list