Re: [Hampshire] Anti-virus comparison

Author: Jacqui caren
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Anti-virus comparison
Chris Dennis wrote:
> Does anyone know of a source of objective comparisons of Linux AV products?


Well I had a win2K box secured and only running a desktop with ipsec
tunnel to work from a home network.
All unused services were disabled and I did *nothing* on the desktop.
Something was not right because the second morning the machine was
obviously infected.

First step was to unplug it from the DSL and my internal firewall
and shut down. Boot linux security disk and work from there.

We as a company have licences for a number of commercial products
including those mentioned above. Although clamav does not detect
rootkits it did detect 53 valid infections. The best that the commercial
competition could do was 45. And we very carefully checked every
entry to see if we could clean the machine.

In the end we wiped it and installed linux with the same ipsec
tunnel - it ran undisturbed for over a year with no problems.

Note this was before bios rootkits were a consideration.

And yes we checked for known rootkits and there was nothing installed
that would have "hid" the infections from av scanners. And the
live linux based clamav found exactly the same things that the
windows clamav install found...

One further note - some of my family have AOL and not all firewall
AV/net stacks work with AOL. Free tools such as sygate SPF had[1]
a VERY hard time with AOL.

Jacqui

[1] my last AOL install was well over a year ago - I walk away when I
hear AOL these days :-)

Finally - you can plumb clamav into samba so that external writes to
a share are checked at write - never done it but I have heard of
it being used to cleanse shared files and windows email.