Hallo,
ich habe clamav installiert.
Mit clamdscan habe ich 4000 infected Dateien getestet.
3000 sind als “infected” markiert
1000 sind “OK” markiert
Database is up-to-date.
Ist das ergebnis akzeptabel ?
Vielen Dank euer Hilfe.
Grüsse
Miche
Hi
These are primarily English forums 
So I’m assuming these are windows based files you are using to clamav to scan?
Incoming mail?
Hi Malcolm,
sorry if I wrote in German …
I am migrating from antivir to clamav.
The 4000 files are emails (probably with windows virus) blocked by antivir.
The problem is that for clamdscan 1000 of 4000 files are “OK”.
Regards
Michelangelo
Hi
Have you looked at any of the emails that passed clamav to see what
they contain? Maybe some sort of rule that was added in antivir that
caused them to be quarantined?
–
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.28-4-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Am 12.12.2014 18:44, schrieb mrezzonico:[color=blue]
Hi Malcolm,
sorry if I wrote in German …
I am migrating from antivir to clamav.
The 5000 files are emails (probably with windows virus) blocked by
antivir.
The problem is that for clamdscan 1000 of 5000 files are “OK”.[/color]
Quite frankly: Clamav is generally not regarded as a useable AV
solution. Precisely for what you just found, it’s detection rate is
WAY worse than any commercial AV (and soem of those are really bad too).
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
Hi Malcolm,
thanks for your suggestion.
Not sure but it seems me that the files I used are not changed by antivir.
In the meantime I have found the following site where I can test my files:
www.virustotal.com
… and I can see if a virus is recongnised by clamav.
At least now I am sure that there is not an installation problem (database not up-to-date, …)
I have also installed ClamWin (the window version of clamav).
I have tested some files and I have the same results as clamav installed on my linux server.
Does someone have a better alternative to clamav (for linux) ?
Regards.
Miche
Hi Massimo,
thanks for your answer.
Do you know a valid (opensource) AV alternative for linux ?
Regards.
Miche
Am 16.12.2014 14:34, schrieb mrezzonico:[color=blue]
Hi Massimo,
thanks for your answer.
Do you know a valid (opensource) AV alternative for linux ?[/color]
No such thing exists I’m afraid.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
Hi Massimo,
thanks for your answer.
May I ask you if you know a good commercial solution for a SLES mailserver ?
In the past I used antivir but now is no longer supported.
Thanks again.
Miche
Am 17.12.2014 14:24, schrieb mrezzonico:[color=blue]
Hi Massimo,
thanks for your answer.
May I ask you if you know a good commercial solution for a SLES
mailserver ?[/color]
Shouldn’t that mostly depend on the mailserver and what products
interface properly with it? For instance, as I’m doing almost
exclusively Groupwise, I use Gwava for that.
Other than that, I hear the least bad from Kaspersky. Frankly, I don’t
think there’s any really “good” Av solution. Just a less bad than others.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
Hi Massimo,
thanks again.
[QUOTE=Massimo Rosen;25442]…
Other than that, I hear the least bad from Kaspersky. Frankly, I don’t
think there’s any really “good” Av solution. Just a less bad than others.
[/QUOTE]
I’ve also had good experiences with Sophos.
As for “free” alternative, AVG for Linux might be an option : http://free.avg.com/download-free-all-product
Curious to hear how you go!
Cheers,
Willem
Hi Willem,
thanks for the link !
Here some words about my configuration …
I have a sendmail server in the DMZ that forward emails to our groupware installed in the internal network.
Antivirus (Antivir) and Antispam (SpamAssassin) are installed on the sendmail server (in the DMZ).
On our windows clients we also have an antivirus (Norton), so the antivirus in the DMZ is one of the two antivirus installed in our network.
With this configuration the groupware solution is independent from the Antivirus and Antispam solution and I am also flexibel (in the DMZ now I use sendmail but I can also migrate to postfix without modifying the groupware).
I saw that AVG has a milter sendmail interface !
Now I am trying clamav.
After that I will try AVG.
Thanks a lot !
Regards.
Miche