You should also note that Avira and Bitdefender are commercial products. They have people working on it 24/7. ClamAV is only volunteer. No one works full time and no one is getting paid. .99, he upcoming version which is currently in beta phase, has many measures of improving detection by utilizing Snort and Yara rules. Also, I don't see them adding a signature for malware that is 17 months old, so it could have been from one of their newer dynamic signature type that detected a newer version of that piece, while also detecting the older piece, for which you had. As Bob said, no AV is 100% and any AV will have it's misses. If more people would volunteer to build ClamAV, it would get better. That's how open-source works.

I for one fully understand that of course. I wrote the experiences down to detail the summary of comparisons which is what many people require and ask for when searching for an AV solution.

Of course, though, it isnt so simple or just to just dismiss such comparisons and summaries because, after all, Clam exists to provide a particular job; and if 'the people' ("authors") that are responsible for it do not get feedback on it then they wouldnt be able to improve it. To think that someones experiences (written or otherwise) is worthy of a "we do our best so stop moaning" actually doesnt achieve the goal of being a reliable product. And if no one used it (because it was so terrible) and the authors didnt know WHY it wasnt being used, then their efforts would all be in vain and wasted. So it is perfectly reasonable for people to make the comparisons and report the findings. After all, what is the point of spending time on writing and marketing a program that frankly is useless and will never be used by anyone. (Also, we bear in mind the nature of a the product: an Anti Virus product. No point in people loading it thinking their system will be protected somewhat, just to find that the one virus it didnt stop that destroyed their PC was because it was one that simply wasnt considered because 'we dont have time'. That's no consolation.)

It should be noted, for those that fail to see it, that I said in the previous post that I use Bitdefender, Avira and Clam. That means I use Clam and therefore I have CHOSEN to still use clam. And that gives me the right to comment on its effectiveness and give my feedback to such.

I agree about the comment about it being doubtful they have just added a signature for a virus that is 17 months (old and that its likely a consequence of a heuristic maybe to a newer virus recently). That leaves me wondering though: does this REALLY make the situation more acceptable...... or does it make it worse?

p.s "Snort and Yara" Is this a software or narcotic??

Snort is Sourcefire's Intrusion Detection/Prevention software and Yara is a malware rule list. I guess you can say, this is most likely where almost all of ClamAV's dynamic signatures will be coming from and the closes thing they will ever make to a heuristic engine. When Sourcefire acquired ClamAV back in 2007, there was talk about future plans to utilize Snort rules into ClamAV, but the original developers never got to it. I am guessing that ClamAV will only be able to use the free rules provided by Snort and not the paid ones.

Don't dismiss Snort--the paid version of it enabled Sourcefire to get into the commercial/governmental intrusion detection market, and it is now the prevailing intrusion detection system (IDS). It also brought Sourcefire to the attention of Cisco, which bought it out almost 2 years ago. The IDS boys go about it a bit different than do the AV boys, but they each have their place in computer security.

Regards,

Just so everyone is aware, I submitted a bug thread to the ClamAV team because ClamAV native ports also do not run as a service on Windows system, so I filed a bug to them here: https://bugzilla.clamav.net/show_bug.cgi?id=11505

They said they will look into it. If they do get ClamAV to run as a service, it should be fairly easy to get the ClamWin port to do the same.

FYI:

I did testing (out of naivety) between Clamwin 'Clamd' and native windows port 'Clamd': https://www.hmailserver.com/forum/viewtopic.php?p=182928#p182928 and read the next 5 or 6 posts onwards.