----- Original Message -----
From: "Matt Kettler" <mkettler@evi-inc.com>
To: "Paul Schmehl" <pauls@utdallas.edu>; <snort-users@lists.sourceforge.net>
Sent: Friday, February 20, 2004 9:33 AM
Subject: Re: [Snort-users] OT New information about clamav

> At 03:10 PM 2/19/2004, Paul Schmehl wrote:
> >However, it has come to my
> >attention just today that the developers of clamav recently corrected a bug
> >that effectively disabled detection of all polymorphic viruses. This should
> >*dramatically* impact the results of testing clamav against the ITW viruses,
> >so I have requested that the test be rerun.
>
> Important detail for you... The bug which disabled detection of polymorphic
> viruses was never in a stable release of clamav. The bug only appeared in
> development snapshots newer than clamav-20031201.

Which explains why the new test produced similar results. 55.8% of ITW viruses were detected by clamav. Readers must keep in mind, however, that clamav does not detect boot viruses or macro viruses, so it will never score as high on these ITW tests as commercial scanners that are designed to detect everything.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/