Firewall questions

Paul Schmehl pauls at
Wed Mar 23 15:01:41 PST 2005

--On Wednesday, March 23, 2005 09:45:56 PM +0000 RW 
<list-freebsd-2004 at> wrote:
> Clamav is supposed to be good for filtering windows viruses out of email.
> I  know dropped Kaspersky in favour of Clamav, they claimed
> the  updates to be at least as good.
We did some pretty thorough testing of Clamav, uvscan (McAfee) and sophie 
(Sophos) side by side on a mail gateway using amavisd.

Clamav was *almost* as good as McAfee and definitely better than Sophos at 
detecting viruses.  Clamav beat uvscan hands down on cpu usage and 
detection of Phishing scams.

Here's our latest stats - clamav is primary.  uvscan only gets used if 
clamav doesn't detect a virus.

These statistics represent data from 2005-03-01 to yesterday
Total detections - 7369
Total phishing scams - 7080
Total viruses - 289
Total McAfee - 23
Total ClamAV - 266

The last two lines are *unique* detections.  Basically what it means is 
that clamav missed 23 viruses that uvscan subsequently caught.  So clamav 
has a 92.04% virus detection rate so far for the month.  (Updates are 
fetched and installed automatically for both scanners.)

When I was keeping separate stats on each, clamav ran about a half a 
percent behind uvscan and sophie *never* had an independent detection.  It 
also had a much lower detection rate.  (E.g. clamav 94.6, uvscan 95.3, 
sophie 91.8)

Paul Schmehl (pauls at
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

More information about the freebsd-questions mailing list