[OPLINTECH] ClamAV for windows

Dan Will willda at oplin.org
Wed Mar 24 14:34:54 EDT 2010


Nice post, Chad. You have delved deeper into it than I would have thought to do. I think I'll keep an eye on this.

 

Dan Will

Technology Supervisor

Meigs County District Public Library

willda at oplin.org

740.992.5813

740.992.6140 (fax)

 

The difference between fiction and reality?

Fiction has to make sense.

Tom Clancy

From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org] On Behalf Of Chad Neeper
Sent: Wednesday, March 24, 2010 12:42 PM
To: oplintech at oplin.org
Subject: Re: [OPLINTECH] ClamAV for windows

 

I think I mostly agree with Ron. I've been testing it out myself since last night. It's a very clean program and simple to use. The main thing that would prevent me from using it by itself (right now) is simply that it doesn't currently scan numerous file types that can carry malware: .pdf, .doc, etc. It currently only scans executable files. Apparently the others will be added at a later date.

Another feature that I'm not sure about is that, if I manually tell it to do a system scan, it doesn't appear to verify the file checksums for ALL executables stored on the drive. As a test, I copied the contents of C:\Program Files (1242 *.exe files alone) to two different locations. First to C:\Copy of Program Files and then to D:\Program Files. I did a scan between each copy. My total Files Scanned count did increase a little, but not nearly enough to account for the huge number of additional executables I just added.

So...we do not seem to have the option to really do a full scan on the hard drive. For instance, if you have it installed on a server containing executable programs that are never actually run on the server (and hence, not caught by the real-time scanner), but maybe _are_ executed over the network on workstations _attached_ to the server, ClamAV for Windows running on the server might not check those files. That could be a bit of a problem and worth investigating.

http://community.immunet.com/immunet/topics/how_immunet_works_in_details
This is a link to a conversation thread that helps to describe how it works. The second commenter (Alfred Huger) works for Immunet and gives a description of exactly what the program does. It's a pretty easy read.

All in all, though, I'm with Ron. This looks very promising!

2 cents,
Chad




-----------------------
Chad Neeper
Senior Systems Engineer
 
Level 9 Networks
740-548-8070 (voice)
866-214-6607 (fax)
 
--   Full LAN/WAN consulting services   --
-- Specialized in libraries and schools --



Ron Woods wrote: 

I am testing out ClamAv right now and I must say it's a fantastic product
from what I can tell so far. The next version will include the necessary
.dll files to perform local scans without an internet connection and support
for a few more file types.
 
I really do think this could be a replacement for a commercial Anti-virus
package, the source code is still GPL according to Sourcefire so that's
always a benefit. 
 
-----Original Message-----
From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org] On
Behalf Of Ed Liddle
Sent: Tuesday, March 23, 2010 12:27 PM
To: JKENZIG; OPLINTECH
Subject: Re: [OPLINTECH] ClamAV for windows
 
That would be an option. I use clamwin to do scheduled scans, I never
thought of adding it to the task scheduler in windows. Since Microsoft
Security Essentials can only be used for home or home office use according
to their end user license agreement, I only use it in those environments. It
seems to work quite well. I installed it on my wife's computer at home and
on a couple of other people's home machines.
The trend web protection seems similar to the new clam av for windows. They
both work in a similar proactive fashion in that they utilize the cloud to
detect malicious things freeing up local resources. Pretty neat!
 
-Ed  
 
  

-----Original Message-----
From: JKENZIG [mailto:JKENZIG at cuyahogalibrary.org]
Sent: Tuesday, March 23, 2010 11:33 AM
To: Ed Liddle; OPLINTECH
Subject: RE: [OPLINTECH] ClamAV for windows
 
You could schedule it to scan via task scheduler. Clamwin can notify you
so that will solve that issue. For real time alerts program I use
Microsoft Security Essentials along with the trend web protection add on
http://free.antivirus.com/web-protection-add-on/
 
Jim Kenzig
Cuyahoga County Public Library
Administrative Offices
 
From: Ed Liddle [mailto:eliddle at marysvillelib.org]
Sent: Tuesday, March 23, 2010 11:28 AM
To: JKENZIG; OPLINTECH
Subject: RE: [OPLINTECH] ClamAV for windows
 
The portable version like the regular version of Clamwin does not have a
real time on access scanner. The new Clam AV for windows version does.
The real time scanner is something that I feel is a good feature to have.
 
It is good to know you can use the portable version of clamwin like
that. One thing that would be nice for the new Clam AV for windows to
have is the ability to e-mail a scan report like Clamwin can.
 
-Ed
 
    

-----Original Message-----
From: JKENZIG [mailto:JKENZIG at cuyahogalibrary.org]
Sent: Tuesday, March 23, 2010 11:09 AM
To: Ed Liddle; OPLINTECH
Subject: RE: [OPLINTECH] ClamAV for windows
 
And if you use the portable app version of clamwin you can just copy the
programs folder out to your workstations with no install required! :)
    

http://portableapps.com/apps/utilities/clamwin_portable
 
 
Jim Kenzig
Cuyahoga County Public Library
Administrative Offices
www.cuyahogalibrary.org
Ohio Public Library Information Network (OPLIN)
Board of Trustees member
 
 
-----Original Message-----
From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org]
On Behalf Of Ed Liddle
Sent: Tuesday, March 23, 2010 11:02 AM
To: OPLINTECH
Subject: [OPLINTECH] ClamAV for windows
 
Has anyone been testing the NEW Clam AV for windows from here
http://www.clamav.net/lang/en/about/win32/ ?
 
I have been looking at it for a free antivirus replacement for our
current Symantec product. It appears to me to be unlike any other
antivirus solution I have seen. It uses the cloud to store AV definition
files and also to do the scanning. It doesn't seem to scan all stored
files but instead scans program or executable files when they are
accessed, or files that are downloaded. It requires an internet
connection to work. ClamAV has partnered with Immunet to create Clam AV
for Windows. Unlike previous versions of Clam AV, this version does do
"real time active" scanning. Since the definition files are hosted in
the cloud, I would think they would be most up to date, more so than
relying on downloading definition files at a certain time interval.
When performing a manual scan it is really fast! (under a minute fast).
 
The downside to it is there doesn't seem to be an enterprise version that
can be used to notify admins of virus activity on the computers. The
upside is there are no definition files to download or distribute, which
is one main benefit to an enterprise solution.
I am testing it on a public machine that has cornerstone enabled on it.
It did detect the cornerstone service file as a virus. I submitted it to
the Clam AV site as a false positive and added an exception for it in
clam AV.
 
Below is from their website that explains a little bit how it works.
http://www.clamav.net/lang/en/support/faq/faq-win32/
Q7. Will "ClamAV for Windows" send any sensitive data from my computer
to the cloud?
 
A7. ClamAV for Windows sends information about the files it's scanning
back to the cloud. This information is in the form of SHA hashes and
file heuristics. Currently, this information is only collected for
Windows PE files, or in other terms what most people refer to as
executable files. No information is collected for other types of files,
like Word, Excel, or PDF. Additionally, in some situations the entire PE
file will be uploaded to the Cloud to determine if it is malicious.
 
For a complete overview please see the privacy policy:
http://support.immunet.com/index.php/Immunet:Privacy_policy
 
 
Let me know what your thoughts/opinions/experiences are on it.
 
Thanks in advance !
 
-Ed Liddle
_______________________________________________
OPLINTECH mailing list
OPLINTECH at oplin.org
http://mail.oplin.org/mailman/listinfo/oplintech
Search: http://oplin.org/techsearch
      
