Windows Security Software IT

ClamAV For Windows Open Beta Begins

Posted by timothy
from the pssst-your-os-is-showing dept.
An anonymous reader writes "The public beta for ClamAV for Windows 3.0, which includes full integration of the ClamAV engine into the Immunet Protect product, is now open. If you are interested in playing with ClamAV for Windows 3.0, please see these forums. 32-bit and 64-bit versions are available for download. ClamAV for Windows should not be confused with ClamWin, a separate project."
This discussion has been archived. No new comments can be posted.

  • Huh... (Score:5, Funny)

    by amnesiacopera (1748256) on Sunday January 16, 2011 @12:44PM (#34897438)
    Will it run on Windows 3.1 as well?
    • by antdude (79039)

      Nah, Windows for Workgroups v3.11 and Windows 3.2 [wikipedia.org]. ;)

    • by atisss (1661313)

      I guess, it says it supports 32bit, so that should be pretty obvious. I wonder about 16bit version however.. As Windows 3.0 binaries should be compiled in 16 bit, and it's not released (only 32bit and 64bit huh), how it's going to run?

  • Editing mistake? (Score:5, Informative)

    by froggymana (1896008) on Sunday January 16, 2011 @12:46PM (#34897454)

    From TFA "ClamAV 3.0 for Windows Open Beta", not "ClamAV for Windows 3.0" as the summary states.

    • by Shikaku (1129753)

      It's not incorrect to say ClamAV for Windows 3.0, but it's much less confusing to say ClamAV 3.0 for Windows.

      • ClamAV for Windows 3.0 would be correct if it were for that specific version of Windows, but it is referring to the version of ClamAV which runs on an unspecified version of Windows.

      • It gets confusing ..
        is it
        (ClamAV for Windows) 3.0
        OR
        ClamAV for (Windows 3.0)
        • Oh that makes more sense... People need to learn to use grouping parentheses more often in their writing/typing :)

    • If the name of the product were "ClamAV for Windows", then it would be correct, though confusing, to call it ClamAV for Windows 3.0.
  • by Anonymous Coward on Sunday January 16, 2011 @12:54PM (#34897516)

    Could someone enlighten us what the Immunet product is? Their web page is so full of cloud computing and other buzzwords that I can't see what's different from other vendors' tools.

    • by Spad (470073)

      The Immunet Community has over 0 members protected from 0 threats.

      Whatever it is they do, the Immunet Community appears to rely too much on Javascript.

    • by godefroi (52421)

      All I could find is that it gives you "the advanced protection of the cloud". That sounds really awesome, and I think I must need it desperately. Probably you too.

    • by kc0re (739168)
      Immunet is a lightweight client that runs on the Desktop, the AV is done "in the cloud" as opposed to running a gigantic fat client and downloading daily updates. As a result, it's faster, adapts faster, and allows for worldwide correlation.
      • Sounds like the perfect datamining operation... I wonder if they are gonna go Google and make it a free service, and sell analytics data. That would be a great business model, if they have a decent privacy policy. Hell, I think you could try the same trick and OEM Ubuntu machines, and have click-through EULA during the configuration phase (not too convoluted, we want to be fair now - the lusers won't even glance at it anyway). Send tracking data for a limited period (and make tracking removal reasonably easy
  • Sure, it's something to make fun of, Windows 3.0 and all that. But advertising an anti virus product beta on Slashdot's main page? C'mon.
    • ClamAV is a big deal (Score:5, Informative)

      by iYk6 (1425255) on Sunday January 16, 2011 @01:14PM (#34897664)

      ClamAV is an open source anti-virus. That's a pretty big deal, considering it is the only one. Or at least, the only one that is complete and still maintained.

      Were you being sarcastic, or did I miss a joke?

      • by neumayr (819083)
        It's an open source product? Okay, then I guess I see the relevance. Sorry, my bad.

        They could have mentioned that in the summary though..
        • by rubycodez (864176) on Sunday January 16, 2011 @01:42PM (#34897836)

          ClamAV's main use is the Unix/Linux/BSD version for running on mail servers, but it also has the cool mode of scanning directory trees on samba file servers for Windows clients. The virus definition databases it uses are updated multiple times a day and are automatically downloaded. I have several customers that have been using it for years, it does catch the bad wares and moves bad files to a holding directory. It understands the common archival and compression, executable, and document formats.

          http://www.clamav.net/lang/en/about/ [clamav.net]

          • I assume you're using it to scan files on a predetermined schedule? If so, obviously you would not be able to comment on real time protection (upon file access.) I take it you're satisfied though with the scanning and detection abilities. Please correct me if I'm wrong. This (CLAMAV for Windows) piques my curiosity though as currently I use, and some of my clients as well, MS Security Essentials. This is ok in a business environment with 10 or fewer computers but some of my clients, who can't afford at t

            • by rubycodez (864176)
              correct that file scans are scheduled, but that fits with the client's use of batch reception of scanned and pdf medical documentation.

              They use a multi-tiered approach to security that also includes Fortigate and the free AVG windows client.
              • The Fortigate looks good at first blush (haven't used one personally.) I've become rather not fond of AVG, I got more support calls from family who I used to recommend AVG to, related to AVG, than anything else. Mostly, the update nagging and seemingly absolutely immediately required upgrades to the latest, greatest version. That plus every time I used to instruct them on how to download it they were always tripped up by all the BS that came along with the download page. Really unobtrusive free download

            • by hairyfeet (841228)

              If you need a good free AV for a place with over 10 (or hell anyplace for that matter) might I suggest Comodo AV or Internet Security [comodo.com]? As you can see from this chart [comodo.com] they will have all the major features and will only be lacking in having the live tech support, which frankly if they just stick to the defaults (or have you or someone knowledgeable do the tweaking if they want it customized) they will be just fine.

              I have given both Comodo IS and MSFT SE to clients and the only real differences I've found are

            • by ancientt (569920) *

              The article is not about ClamWin but it is a related product. It is mentioned in the summary, but I have some experience with it and can at least tentatively recommend it. ClamWin uses ClamAV resources but was designed to run on Windows and is somewhat mature. It can work with centralized updates, email notices upon virus detection and runs on any likely version of Windows. It has a plug-in for Outlook and is integrated into Explorer, though I'm not sure it does on-access scanning. (It didn't in the past, b

      • by tgd (2822)

        And? MS Security Essentials is a zero-cost option as long as the OS isn't pirated.

        If you're not in a free-as-in-whatever-the-OSS-people-are-calling-free-like-beer-or-whatever OS, why do you need AV that is?

        Not sure I get it. I can totally buy an OSS virus scanner for an OSS OS, or an OSS virus scanner for a non-OSS OS that has no free options, but Windows has a free option that comes from the people who wrote the OS.

        • by beardz (790974)

          And? MS Security Essentials is a zero-cost option as long as the OS isn't pirated.

          It's a zero cost option even if the OS is pirated.

        • by melstav (174456)
          Microsoft pushes "Critical" security updates for their software so frequently it isn't funny. And that's not even taking into account vulnerabilities they go out of their way to actively keep quiet [slashdot.org]. Do you REALLY want to trust *THEM* to provide you with the software that's supposed to keep the *rest* of their library secure?
          • by QuoteMstr (55051)

            Oh, for fuck's sake, have you seen LWN's "security" page? Every week, there's some remote code execution vulnerability or another. At least distributions regularly push updates --- Apple usually waits for its next minor release. I'm sick and tired of this puerile and reflexive Microsoft-bashing.

      • The joke is that virus scanners in general tend to be jokes.

    • by bcmm (768152)
      ClamAV is an open-source AV system. The reason a Windows version is news is that it's usually run on Linux systems, especially mail servers.
  • by Anonymous Coward

    People waiting to follow the only worthy upgrade from XP want to know ;)

  • by throwaway18 (521472) on Sunday January 16, 2011 @01:35PM (#34897792) Journal

    The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

    The ClamAV engine may be good at email scanning but that does not mean it is good for general malware scanning. Clamwin, which uses the clamAV engine in a general windows malware/virus scanner has very poor detection compared to the top few antivirus packages (Eset Nod32, AVG, kaspersky, avira paid version, panda).

    Malware delivered via the web is the main source of the epidemic of crap on the windows platform these days. In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

    I do nearly all my browsing in windows virtual machines. The basic firefox only VM is little trouble. A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

    Over the last year I've uploaded a couple of dozen malware .exe's from the web to virustotal, (mostly attempts to exploit user ignorance that didn't get running on my machine eg desirable-file.pdf.exe). I keep the exe's and check how long it takes for AV companies to add detection. Kaspersky and AVG usually add detections within 36 hours, avira is usually "next day" provided next day is monday-friday.
    Half the time Clamwin does not detect the malware and typically takes a couple of weeks to start detecting my sample if they get it at all.
    I have little confidence in another package using the clamAV engine doing any better.

    Also the only real cleanup response for malware arriving by email is 'delete', removing malware that has installed itself into windows takes much more work. A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

    • by Frosty Piss (770223) * on Sunday January 16, 2011 @01:58PM (#34897950)

      The clamAV engine is designed for scanning incoming email. These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

      Maybe end users WANT the freedom to be able to attach executables? Who says all email users (or even most) are like you?

      Now, of course, I'm not talking about the rubes that clicky on any linky or attachment in their email, but you know, *I* want the ability to send *any* type of file I choose to a recipient that might be expecting said file...

      • by mspohr (589790) on Sunday January 16, 2011 @02:36PM (#34898200)
        And unfortunately, the range of attachments which can be considered "executable" (on Windows) is very large. I recently encountered a company that would not accept a PDF file email attachment because of the perceived danger. No doubt the danger is real on Windows but this should prompt some more intelligent countermeasures (such as better pdf readers, virus detection, or getting rid of Windows).
        • by Lennie (16154)

          Judging by a recent 27c3-presentation, I have some doubts a good PDF reader actually exists. The format is such a mess I can't believe it:

          http://www.youtube.com/watch?v=54XYqsf4JEY [youtube.com]

        • The holes are in the Adobe Acrobat Reader, and exist on linux as well when using adobe's reader, which many on linux don't, just the same, the security hole isn't only in windows.. also, you can run a botnet node in user space on linux too.
          • by mspohr (589790)
            Yeah, it is theoretically possible to run a botnet in userspace in Linux and there was even an actual botnet that attacked some Linux based modems a few years ago using their default passwords. However, perhaps because it requires exceptional stupidity on the part of users (and their lack of access to root), there aren't any actual botnets in the wild running on Linux. Just happy that I run Linux and Mac and don't have to worry about malware. I'm happy to leave the malware battles to the Windows users.

            Ju

            • Well, the several million macs out there running as bot nodes would disagree with at least a portion of that statement. I'm not disagreeing that windows has a lot more virus issues... and has a history of poor security... However, I would say that the largest reason behind this is the compatibility of windows versions and market share that has been the leading driver behind this... As mac usage has risen a bit, so it too has become a malware target...

              Though most mac malware comes from pirate software p
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I work for a manufacturing software company and we deliver products by email every day. We rarely have a problem because very few email systems mindlessly delete all executable attachments.

    • by bcmm (768152) on Sunday January 16, 2011 @02:41PM (#34898226)

      These days any sensibly configured email system deletes all email with any form of executable attachment before it gets anywhere near the end users so email scanning is a bit of a niche market.

      Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.
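
Added example (not part of the thread or of any poster's code): the comments above note that dropping attachments by file extension misses renamed executables and macro-capable Office containers, so this Python sketch compares each attachment's name with its leading bytes. The extension lists, finding labels, verdict names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative lists (assumptions, not a complete gateway policy).
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXT = {"pdf", "doc", "txt", "jpg", "png", "zip"}
# Leading bytes that identify a format regardless of the file name.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-container"),  # legacy .doc/.dot/.xls
]

def classify(filename, payload):
    """Return the set of findings for one decoded attachment."""
    findings = set()
    parts = (filename or "").lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        findings.add("risky-extension")
        if len(parts) > 2 and parts[-2] in DECOY_EXT:
            findings.add("double-extension")
    for magic, label in MAGIC:
        if payload.startswith(magic):
            findings.add(label)
            if label.endswith("executable") and ext not in RISKY_EXT:
                findings.add("name-content-mismatch")
    return findings

def verdict(findings):
    if findings & {"risky-extension", "pe-executable", "elf-executable"}:
        return "reject"
    if "ole2-container" in findings:
        return "scan"  # hand to an AV engine; the container may hold macros
    return "deliver"

def scan_message(raw):
    """Parse a raw RFC 5322 message and classify every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        report[name] = classify(name, part.get_payload(decode=True) or b"")
    return report

def build_sample():
    """Constructed message: four attachments holding fake header bytes only."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "rcpt@example.com"
    msg.set_content("see attachments")
    samples = [
        ("desirable-file.pdf.exe", b"MZ\x90\x00" + bytes(60)),
        ("invoice.pdf", b"MZ\x90\x00" + bytes(60)),
        ("report.doc", bytes.fromhex("d0cf11e0a1b11ae1") + bytes(56)),
        ("notes.txt", b"plain text\n"),
    ]
    for name, body in samples:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, found in scan_message(build_sample()).items():
        print(f"{name}: {verdict(found)} {sorted(found)}")
```

The `invoice.pdf` sample passes an extension-only filter but is rejected on content, while `report.doc` is routed to scanning rather than delivered unchecked.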

      • by snowgirl (978879)

        Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

        So, now here comes the interesting tidbit of pedantry. A .doc file cannot, I repeat cannot, contain a macro.

        What can contain macros are .dot files, or document templates. The problem is that .dots are virtually identical to .docs, and if you take a .dot and rename it with a .doc extension it will be indistinguishable from a proper .doc file, thus all these macro viruses spread by parading document templates as simple documents. If Word were just smart enough to recognize that it is opening a document tem

        • by fishexe (168879)

          Where did you get that from? Remember that .doc is, potentially, an executable format (a Word macro can make arbitrary win32 API calls), not to mention the many exploits that rely on overflows in parsers of non-executable formats.

          So, now here comes the interesting tidbit of pedantry. A .doc file cannot, I repeat cannot, contain a macro.

          Are you sure [wikipedia.org]?

          What can contain macros are .dot files, or document templates. The problem is that .dots are virtually identical to .docs, and if you take a .dot and rename it with a .doc extension it will be indistinguishable from a proper .doc file, thus all these macro viruses spread by parading document templates as simple documents. If Word were just smart enough to recognize that it is opening a document template with the extension of ".doc" and throw up an error/warning message, macro viruses would hardly be a problem.

          So how come when I add a macro and hit save, it directly produces a doc that contains a macro? I admit it's been a lot of years since I've done this, but I've never renamed a .dot to .doc or anything like that, yet I've opened up documents to which I've added macros and, lo and behold, the macros were still in there.

          • by snowgirl (978879)

            Are you sure [wikipedia.org]?

            Hm... not entirely sure, I don't do anything with MS Word anymore really. Although, this most certainly was the case back in 1995~98. (I wrote a concept Word macro virus and had to figure this out to make it work.)

        • by bcmm (768152)
          OK, so a genuine Microsoft Word document might not hold macros, but a .doc file most certainly can.

          I know it's not the intended use, but as you say, a file ending .doc can contain any format recognised by Word and work as expected. This is in semi-common use for communicating with idiots who accept only Word documents, since Word will accept plain-text or RTF, which are both much easier to work with.
          • by snowgirl (978879)

            This is in semi-common use for communicating with idiots who accept only Word documents, since Word will accept plain-text or RTF...

            OMG, that is just an incredible idea, lol!

      • a Word macro can make arbitrary win32 API calls

        What the hell? I'm no security expert, but even I recognize what a terrible idea that is. Has Microsoft ever offered any justification for this one?

        • by bcmm (768152)
          Personally I think it's great. Back when I was in 6th form, they had computers with cheap CRT monitors, all set, out of laziness, at Windows's default mode, which was 1024x786 at 50Hz - OK for some, but a quick way to get a migraine for me. They'd locked them down in various ridiculous ways, including no display settings or running executables from anywhere you can write to, so I used a Microsoft Word macro to change the resolution and refresh rate. Insanity, I know...
    • by neumayr (819083)

      Wow. You sure are a malware magnet. Luckily it seems to fit your hobby.

      Please be aware not everyone gets attacked as much as you do and the kind of organization you wield to protect yourself would be overkill for most people.

    • by nurb432 (527695)

      In geek circles I feel like a suspected plague carrier because I carry a windows laptop instead of running ubuntu or carrying an apple.

      So YOU are that guy..

    • by fishexe (168879)

      A of people rely on antivirus software to clean up messy infections instead of being organised enough to have current backups and known-good images of every machine.

      But what about B of people? We can't all be A-listers, you know.

    • by SheeEttin (899897)

      A vm with flash player, Sun java, acrobat reader, dotnet addon etc results in the "whats all this network traffic, shit the VM is sending spam" or "popups WTF?" every few months, followed by going back to a known good copy of the VM and redownloading lots of updates.

      Why not just make one known-good VM, then use whatever that feature is that discards any changes on shutdown? (I know VirtualBox has one, dunno about others.)

  • Just repaired a computer that had ClamAV installed.

    It missed multiple trojans that Microsoft Security Essentials found.

    • by mick232 (1610795)
      It's not enough to install it. You actually have to use it and keep it up-to-date!
  • Scanning files with ClamWin is about as fast as reading them yourself with a hex editor. I use Avast.

  • by Beelzebud (1361137) on Sunday January 16, 2011 @02:30PM (#34898162)
    that there was a 64 bit version of Windows 3.0!
  • I've been using ClamWin (http://www.clamwin.com) for years without any problems. Does anyone know the difference?
  • Wake me up when they have on-access scanning working. And preferably fast enough not to bring the system to a grinding halt when starting up a moderately large binary (admittedly, a lot of commercial vendors would fail that test too).
