CLAM anti virus

[me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org (Matthew Gillen)]

On 07/14/2010 09:47 AM, Jerry Natowitz wrote:
> At some point in the past I decided to start running clam av on my 
> personal computers.  Aside from taking about 10 seconds to startup, and 
> occasionally telling me that a new version is available, I haven't been 
> aware of it.
> 
> Is it just a feel-good daemon or is it a first line defense against 
> Trojans, malware, viruses, and what-not that I've simply been lucky not 
> to have encountered?
> 
> For the record, my windows partitions all run Norton Internet Security, 
> and it has been years since it complained about anything worse than 
> tracking cookies.

I use it periodically on linux when I get an obvious virus attachment just
to test its efficacy.  It catches almost everything (and I set it up to only
update virus definitions once a day, not the once-every-2-hours that it's
set to by default).

I have it on my windows partitions too, but I don't trust it (if I suspect
anything, I reboot to linux and clamscan my windows partition from linux).

There are some smart people [1] who say that the whole signature-based
detection approach is doomed to failure beyond the obvious drawbacks of
never being able to protect against 'new' attacks.  So from that point of
view, any current virus protection program is sort of like the TSA's
security theater (and just as wasteful of resources).

That said, there currently isn't anything better out there.   And a lot of
stuff that's widespread now doesn't use some of the techniques that render
signature-based detection useless (look up polymorphic code).

Matt


[1] Hacker 'Mudge' gets DARPA job:
http://news.cnet.com/8301-27080_3-10450552-245.html