issue85:securite
From Brian Hall:

Even after trying to search for information on ClamAV, I can't really find any comparison of its ability compared to other proprietary Linux AVs. I guess the key factor in any antivirus is the, hopefully regularly updated, database behind the program, but is the ClamAV database less comprehensive (because it's open source) than those used by the free versions of proprietary AVs?

MB:

The question is interesting in several ways. We humans like to compare products. After that we try to make a decision on which choice is the best one for us. In the case of malware detection tools, obviously the detection rate would be something to use for the selection. However, we could also use the percentage of false positives (files incorrectly marked as being malicious) or consider the price to be the most important factor. In other words, what makes malware detection “good enough” or outstanding?

From Brian Hall:

Even after trying to search for information on ClamAV, I could not find a comparison of its capabilities with other proprietary antiviruses for Linux. I suppose the key factor in any antivirus is the database behind the program, hopefully regularly updated, but is the ClamAV database less comprehensive (because it is open source) than those used by the free versions of proprietary antiviruses?

In the case of anti-virus tools, it’s important to consider the threats you are trying to protect against. If the tool is used for scanning a mail server, each intercepted e-mail with malware is a win. Ones that are not picked up, well, end up in the user’s mailbox, and hopefully don’t get opened, or are properly detected by a local on-access virus scanner. In the case of an on-access scanner for surfing the web, you’d rather have a much higher detection rate. Back to ClamAV. ClamAV uses a core database, with a daily addition to it. This smaller daily database (daily.cvd) is regularly updated during the day. However, that doesn’t say much about the detection rate. This is where professional comparison tests come into play. Unfortunately ClamAV often is not included in tests, because it’s not commercial or not focused mainly on Windows.

However, there is no need to think ClamAV is not good due to lack of evidence. Because the project is community driven, and many people provide samples they discover, it shouldn’t take long for ClamAV to protect against new threats. Sometimes this occurs because another malware tool (correctly) discovered a new threat. Other vendors, including ClamAV, then add a signature to their database as well. One of the best examples of “community driven malware detection” is the website VirusTotal. All submitted samples get analyzed, and results get shared with all participating vendors. So, if you discover a malware sample and upload it, it may get recognized by only a few in the beginning, while after a few hours many of them “suddenly” recognize it. ClamAV is participating in this list of vendors, so it should benefit from submitted samples as well.

Even if the ClamAV database is less comprehensive than those of other vendors, it depends on your use of the tool. With information security, we should never rely on just a single defense, but build a fortress of layers. Using a community driven tool is just one of the possible layers we could add. From my personal experience, I can tell it helped many of my customers and their mailboxes. I’m sure it didn’t detect every threat, but no single other software tool would be able to do that either.
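A practical check that follows from the answer above: a signature database only helps if the daily.cvd on the scanner is actually fresh. The following is an added example, not code from the column or from the ClamAV project. It parses the 512-byte CVD file header (build time, version, signature count, functionality level) and flags a database older than a chosen threshold; the sample header is constructed, with placeholder hash and signature fields, and /var/lib/clamav is only the typical database directory.

```python
from datetime import datetime, timedelta, timezone

# A ClamAV .cvd file starts with a 512-byte, colon-separated header:
#   ClamAV-VDB:<build time>:<version>:<signatures>:<functionality level>:<MD5>:<dsig>:<builder>:<build epoch>
# The build time is written as "04 Dec 2014 09-47 -0500" (hyphen between hour and
# minute, because ':' is the field separator).
CVD_HEADER_LEN = 512
CVD_MAGIC = "ClamAV-VDB"


def parse_cvd_header(header):
    """Return build time, version, signature count and functionality level from a CVD header."""
    text = header[:CVD_HEADER_LEN].rstrip(b"\x00 ").decode("ascii", errors="replace")
    fields = text.split(":")
    if fields[0] != CVD_MAGIC or len(fields) < 5:
        raise ValueError("not a ClamAV CVD header")
    built = datetime.strptime(fields[1].strip(), "%d %b %Y %H-%M %z")
    return {"built": built, "version": int(fields[2]),
            "signatures": int(fields[3]), "flevel": int(fields[4])}


def check_freshness(header, now_iso=None, max_age_hours=24.0):
    """Flag a database whose build time is older than max_age_hours.
    now_iso: ISO 8601 timestamp with UTC offset; defaults to the current UTC time."""
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    info = parse_cvd_header(header)
    age = now - info["built"]
    info["age_hours"] = round(age.total_seconds() / 3600, 2)
    info["stale"] = age > timedelta(hours=max_age_hours)
    return info


def check_file(path, max_age_hours=24.0):
    """Same check against an on-disk database, e.g. /var/lib/clamav/daily.cvd (typical path)."""
    with open(path, "rb") as fh:
        return check_freshness(fh.read(CVD_HEADER_LEN), max_age_hours=max_age_hours)


# Constructed sample header: MD5, digital signature and builder fields are placeholders.
SAMPLE_HEADER = (
    b"ClamAV-VDB:04 Dec 2014 09-47 -0500:19738:3627153:63:"
    b"00000000000000000000000000000000:PLACEHOLDER-DSIG:builder:1417704420"
).ljust(CVD_HEADER_LEN, b" ")

if __name__ == "__main__":
    for label, now in (("same day", "2014-12-04T20:00:00+00:00"),
                       ("two days later", "2014-12-06T12:00:00+00:00")):
        r = check_freshness(SAMPLE_HEADER, now)
        print(f"{label}: version {r['version']}, {r['signatures']} signatures, "
              f"age {r['age_hours']} h, stale={r['stale']}")
```

On a real host, run check_file against main.cvd and daily.cvd and alert when stale is true; freshclam normally keeps daily.cvd well inside a 24-hour window.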

issue85/securite.1417723507.txt.gz · Last modified: 2014/12/04 21:05 by d52fr