ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Clame Virus Database
ExcelledProducts


Joined: 04 Nov 2012
Posts: 2
Location: United States, CT
Reply with quote
I am a noob here so this may sound like a really stupid question but do the daily.cvd, bytecode.cvd and the safebrowsing.cvd update daily or every few days or once a week. I assume that the daily.cvd is updated daily but I don't know. Please answer back.
View user's profileSend private messageSend e-mail
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
The daily and bytecode databases are usually updated several times a day during the week. The sigmakers do not always work on the weekends, so there may not be any updates on Saturdays and Sundays. The main database is updated whenever a correction to an older signature is needed. The daily database is integrated into the main database a few times each year. The signature databases and the scanning engine are furnished to ClamWin by the Clam AV project.

Thanks for using ClamWin.

Regards,
View user's profileSend private message
nice work
cata_pkz


Joined: 10 Jun 2013
Posts: 3
Location: EU
Reply with quote
I see that everyday we have signature updates... this means that our AV gets better and better in finding viruses Wink
It's a bummer that it is not included in AV tests... (eg: virusbtn) Microsoft essentials it's pathetic and still is tested...
I really don't think that Microsoft's lame antivirus is better than ours...

Best regards,
Cata
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
Thank you for using/supporting ClamWin!

Virus updates are for viruses that are known. For a virus to be known, a user has to become infected, to find the virus and then send it to an AV company so they can prepare a signature. Generally, ClamWin (using the Clam AV engine) can not detect viruses unless it has a signature for the virus. Some AVs can detect a large number of viruses without any signatures by using heuristic rules in their code, which enables them to make a good "guess" that a file contains a virus. The Clam AV engine does not have any heuristics, so ClamWin can only detect viruses for which Clam Av has prepared a signature. ClamWin needs needs to become a real-time scanner so that it can automatically scan files when they are put on your computer. In addition to real-time scanning, it also needs some heuristics. At the present time, it can only detect viruses in a scheduled scan or when you do a manual scan. It works best as a backup to a real-time antivirus program.

As for Microsoft Security Essentials (MSE), it is as good as most AVs. It has a real-time scanner and is supported by a large company with lots of resources. ClamWin is a small, free, Open Source project without many resources. MSE doesn't do as well as many AVs on some tests because it places more importance upon protecting its users than passing tests, and it does very little marketing. MSE gets information/telemetry about viruses from billions of users, and it is able to protect most of them very well--using signatures, heuristics, and telemetry.

Regards,
View user's profileSend private message
cata_pkz


Joined: 10 Jun 2013
Posts: 3
Location: EU
Reply with quote
I know, that's the job of the sentinel Very Happy

But, about the Microsoft essentials I have to contradict you:
Here, in this test is placed LAST, with 85% detection for 0 day malware and 96% for 4 weeks old malware
http://www.av-test.org/en/tests/home-user/windows-xp/marapr-2013/
And on virus bulletin missed 7 month from tests...(august 2012 - april 2013)
And these are not the only poor ratings, there are tons of bad review.

On a daily basis I use Avast antivirus and Comodo firewall and 8 scanners for cross checking once a month: Clamwin, Kaspersky security scan, Bitdefender's 60 second virus scanner, Emsisoft emergency kit, F-secure online scanner, HitmanPro, Superantispyware and Mallwarebytes =)) too much? =))

I liked Emsisoft emergency kit and Clamwin because I used them from a usb stick at work, after Kaspersky rescue disk and I "sticked" with them... (I found your antivirus through google, searching for a portable antivirus)

And I still do want to see official tests with clamwin and sentinel Sad
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
Contradiction noted!

I have been preparing virus signatures for Clam AV for 5 years. When I need a "second opinion" as to whether or not a sample file is infected, I use Microsoft Security Essentials as one of my tools, and it usually gets it right. I used to respect the AV-Test tests, but I now believe they are not realistic. Note that AV-Test "certifies" AVs. Certification usually entails a payment by the AV. Also, note that MSE (in the form of Windows Defender on Windows 8) gets a 92% baseline rating by AV Comparatives--that's not too bad. Windows Defender is the same as MSE except it has the additional protection of launching early in the boot process to detect hidden rootkits. I think that MSE will find most of the malware that will infect the average user. An lab test is not the same as a user test.

Most AVs do a poor job of detecting malware that is in non-Windows PE files, which is where you find a lot of the exploits. Most malware is wrapped in Windows PE files. If a virus test set includes a lot of non-PE files, an AV that is set up to detect most malware that will infect its users, it will not look very well on the test, but most of its users will still be well-protected.

Additionally, many of the big name AVs come with extra protection modules that MSE does not have. To get that extra protection with MSE, you have to include the protection offered by the Internet Explorer safety featuresin the testing--such as SmartScreenFilter. I will conclude by saying that MSE is a small, light AV that gives its users good protection against malware--for free. If you want something substantially better than that, you will have to pay for it!

I do not think you will see any tests of ClamWin/ClamSentinel. We have offered ClamSentinel to some of the online AV scanners, and they are not interested. I can't speak for the ClamWin developers, but the Clam Sentinel project has adopted the same philosophy of protecting its users instead of bothering with tests.

Regards,
View user's profileSend private message
good protection?
cata_pkz


Joined: 10 Jun 2013
Posts: 3
Location: EU
Reply with quote
But in your opinion, other than Microsoft's AV, which one ofer a good protection, both in heuristic and in known threats? What do you think, which is the best?

I see that (at least in official tests) Bitdefender is rated as one of the best and I remember a few years ago that my os was full of viruses, trojans, worms and it never detected any...
I swiched to KAV who found lots of active threats on the same OS on which Bitdefender (8 free) didn't find anything.

My personal favourite Av was RAV - bought and closed by Microsoft in '05 Sad

Now I'm pleased with Avast which I use on my desktop, tablet and phone, and who didn't failed me not even once in the past few years.

I'm courious to see what a security professional have to say about AV solutions and not a company payed by them Very Happy
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
I think there is no one "best AV. All of the AVs used on Jotti or Virus Total offer good protection. One will be better than another in certain areas: heuristics, signatures, detection, removal, customer service, update improvements, etc. They all have hard-working people dedicated to detecting and removing malware. I like to see an AV that has frequent signature updates, one annual improved version (at least), and a good concern for their customers. I like to see them stressing detection of malware rather than expansion of the business.

Regards,
View user's profileSend private message
How to make own .cvd or cld file
chaitanya


Joined: 24 Dec 2015
Posts: 1
Location: India
Reply with quote
Hi Everyone.

I have used sigtool to unpack the signature Database main.cvd then I got main.ndb,main.hdb,main.db and so on....
I want to pack only main.db and main.ndb as main.cvd . Can any one support in this...?
View user's profileSend private messageSend e-mail
Virus Database Updates
paulnevin30


Joined: 11 Mar 2016
Posts: 1
Reply with quote
To update the ClamAV database do sudo freshclam.

NAME
freshclam - update virus databases

SYNOPSIS
freshclam [options]

DESCRIPTION
freshclam is a virus database update tool for ClamAV.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4254
Location: USA
Reply with quote
Won't work--this is ClamWin for Windows--not Clam AV for Linux. ClamWin uses the Clam AV signatures with a Windows port.

Regards,
View user's profileSend private message
Clame Virus Database
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic