How are things with ClamAV?


#1

About article

https://linuxconfig.org/scan-ubuntu-18-04-for-viruses-with-clamav

I am certainly no expert in anti-virus software or malware analysis software. Not by a long shot or any stretch of the imagination.

However I do have in mind some elements (which might be wrong so please correct me).

  • ClamAV relies on signature identification. No behavioural analysis is considered.

  • ClamAV does not run in the background, so it will not scan stuff you get “on the fly”.

  • ClamAV has never had a really good evaluation in the anti-malware industry.

I am quite aware that the two latter points leave much to be desired.
After all, the fact that ClamAV does not run continuously in the background, consuming resources, can very well be seen as an advantage compared to the anti-malware bloatware we get from the industry.

And as to industry opinions … Well, are those opinions really independent, or defending their share of the market against a free software competitor?

Lacking the technical expertise I can offer no opinion.

However, the first point seems kind of difficult to avoid, as I have heard for a long time that signature-based detection is a dead end as far as anti-malware software is concerned.

I really would welcome any comment on the current state of things for ClamAV and how effective it really is. Preferably by an experienced sysadmin or someone experienced with anti-malware research. 🙂

I have heard a number of testimonies by sysadmins running ClamAV to avoid propagating malware through mail … but that was some time ago. Any recent opinion/experience will be welcome.

A good day to all who read.


#2

Replying to myself.

I might add that even if I have never seen real “good” or “outstanding” comments about ClamAV, I have regularly seen positive “average” and “reliable” comments about it.
So I suppose using it is definitely a good start.

Just that more complete information and experience would be welcome.