[OPLINTECH] ClamAV for windows

Ed Liddle eliddle at marysvillelib.org
Tue Mar 23 11:01:51 EDT 2010 

Has anyone been testing the NEW Clam AV for windows from here http://www.clamav.net/lang/en/about/win32/ ? 

I have been looking at it for a free antivirus replacement for our current Symantec product. It appears to me to be unlike any other antivirus solution I have seen. It uses the cloud to store AV definition files and also to do the scanning. It doesn't seem to scan all stored files but instead scans program or excutable files when they are accessed, or files that are downloaded. It requires an internet connection to work. ClamAV has partnered with Immunet to create Clam AV for Windows. Unlike previous versions of Clam AV, this version does do "real time active" scanning. Since the definition files are hosted in the cloud, I would think they would be most up to date, more so than relying on downloading definition files at a certain time interval. 
When performing a manual scan it is really fast! ( under a minute fast).

The downside to it there doesn't seem to be an enterprise version that can be used to notify admins of virus activity on the computers. The upside is there are no definition files to download or distribute, which is one main benefit to an enterprise solution. 
I am testing it on a public machine that has cornerstone enabled on it. It did detect the cornerstone service file as a virus. I submitted it to the Clam AV site as a false positive and added an exception for it in clam AV. 

Below is from their website that explains a little  bit how it works. http://www.clamav.net/lang/en/support/faq/faq-win32/ 
Q7. Will "ClamAV for Windows" send any sensitive data from my computer to the cloud?

A7. ClamAV for Windows sends information about the files its scanning back to the cloud. This information is in the form of SHA hashes and file heuristics. Currently, this information is only collected for Windows PE files, or in other terms what most people refer to as executable files. No information is collected for other types of files, like Word, Excel, or PDF. Additionally, in some situations the entire PE file will be uploaded to the Cloud to determine if it is malicious.

For a complete overview please see the privacy policy: http://support.immunet.com/index.php/Immunet:Privacy_policy  


Let me know what your thoughts/opinions/experiences are on it.

Thanks in advance ! 

-Ed Liddle

More information about the OPLINTECH mailing list