New ClamWin Anti-Virus

Cyber Surfer

If you read the "about" page, you will notice that it does not have a
real-time scanner in place yet, or a POP3 scanner. This means that the virus
has to be in your machine and be found using a manual scan. Not good! You
want to stop the virus before it gets into your machine, not remove it after
it has infected your machine.

Suggest you consider Kaspersky or Nod32 which are the highest rated
anti-virus products for "in the wild" detection.
 
Robert Moir

Casey said:
Is anyone using or had experience with the free open
source ClamWare Anti-Virus program? It looks promising.
http://www.clamwin.com/
Casey

Within the limits described it's a fantastic scanner. I'd recommend it to
anyone as a backup to their normal scanner. Clam AV powers a surprising
number of virus scanners on internet mail gateways.

Rob Moir
 
Guy

Cyber said:
If you read the "about" page, you will notice that it does not
have a real-time scanner in place yet, or a POP3 scanner.
This means that the virus has to be in your machine and be found
using a manual scan. Not good!
You want to stop the virus before it gets into your machine
not remove it after it has infected your machine.

What AV product can scan a file before it is on your machine?
 
Guy

Casey said:
Is anyone using or had experience with the free open
source ClamWare Anti-Virus program?

A downside of using the compiled binary is the lack of control over the
location of the installation.
 
Ionizer

What AV product can scan a file before it is on your machine?

To paraphrase Bill Clinton, "That depends on what your definition of on
is."

Regards,
Ian.
 
Richard S. Westmoreland

Guy said:
What AV product can scan a file before it is on your machine?

I believe Sophos, Kaspersky, and Panda are able to detect a potential virus
infection as soon as it is in memory - before it is written to disk and
executed. I have witnessed Sophos picking up viruses on remote machines
while accessing them through remote procedural calls (a few years prior to the
RPC exploit), so I believe some antivirus actually scan the TCP/IP stack as
well.
 
Guy

Richard said:
Guy wrote

I believe Sophos, Kaspersky, and Panda are able to detect a
potential virus infection as soon as it is in memory

Do you not consider memory to be "on your machine"?

- before it is written to disk and executed.

Written to disk is not analogous to execution.

I have witnessed Sophos picking up viruses on remote machines
while accessing them through remote procedural calls (a few years
prior to the RPC exploit),

Sophos was running on the client machine or on the File or AV server?
Or what was the scenario?

I imagine:

Client makes a "give me access to a file" request of the Fileserver.
Fileserver scans file or gives the file path and request to AVserver.
The result determines whether the client will receive access to
the file or a report.

I believe some antivirus actually scan the TCP/IP stack as well.

Packets must be assembled. Do any AV products use atomic signatures?
One can not "scan the ether", that is the domain of NIDS.

Perhaps I'm wrong?
 
Richard S. Westmoreland

Guy said:
Do you not consider memory to be "on your machine"?

I do not consider any volatile state to be "on my machine". If a virus
makes any change at all to the contents of my hard drive, whether it be a
service, the master boot record, or some other file - then it is on my
machine.

Written to disk is not analogous to execution.

Unless the OS times it just right to save a copy of the virus in the
pagefile, there has to be some method of execution directly or indirectly by
the virus. A virus cannot successfully survive long term if it cannot make
it to hard disk (or some other non-volatile media).

Sophos was running on the client machine or on the File or AV server?
Or what was the scenario?

I imagine:

Client makes a "give me access to a file" request of the Fileserver.
Fileserver scans file or gives the file path and request to AVserver.
The result determines whether the client will receive access to
the file or a report.

Sophos was running on the client machine that was running a 3rd party
utility used to gather information from other clients using full
administrative access without accessing any shares or having any additional
software on the target clients.

Packets must be assembled. Do any AV products use atomic signatures?
One can not "scan the ether", that is the domain of NIDS.

Perhaps I'm wrong?

http://www.pandasecurity.com/new/test/win2000review.html
Panda Antivirus works alongside Win2K's TCP/IP stack

Only one I could find. Perhaps I'm describing this improperly - I suppose
if you have a really good realtime memory scanner then any recognizable
signature coming out of the tcp/ip stack will be... recognized...
 
Criminal Element

Guy said:
I implicate "your machine" includes a mail or antivirus server.

I don't understand that - - "my machine" has a mail client and AV app - - no servers accepting init packets.

I refer to "smtp.yourisp.com" having the server side AV app running and catching malware files before you can
download them. A scanner running "on your machine" must have some part of the malware available "on your machine"
in order to scan it at all, no?
 
xmp

Criminal said:
I don't understand that - - "my machine" has a mail client and AV app - - no servers accepting init packets.

I refer to "smtp.yourisp.com" having the server side AV app running and catching malware files before you can
download them. A scanner running "on your machine" must have some part of the malware available "on your machine"
in order to scan it at all, no?

Less of an issue too, since the server is usually *nix. Dealing with
Windows malware is perfectly safe. Running WINE as root might be an
exception.

michael
 
