ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
So no new Clamwin 0.99.2 then?
jimimaseye


Joined: 04 Jan 2014
Posts: 89
Reply with quote
ClamAV 0.99.2 was released in May 2016 (I think). There is also a Windows version of it https://www.clamav.net/downloads#otherversions. Sherpya's port at http://oss.netfarm.it/clamav/ is also 0.99.2 and claims also to be used in Clamwin.

So, another year on, are there no plans to generate Clamwin 0.99.2? (Im sick of seeing the definition update reports moaning at me about being out of date)

What do we think?

Cheers.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4131
Location: USA
Reply with quote
No, ClamWin version .99.1 is the latest one. Sometimes the ClamWin developers do not port a Clam AV version over to ClamWin if it only affects the Linux OS, or if the Clam AV changes do not result in improvements in detection for Windows machines. I have suggested some time ago that they suppress the Clam AV "out of date" messages.

There is no GUI user interface (or other nice aids for users) for the Windows version from Clam AV. There may still be a GUI on Sherpya's web page, but it is only minimal.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 89
Reply with quote
If I remember correctly the .2 version introduced the ability to perform YARA rules (amongst other things) which would apply to all platforms (and therefore isnt linux OS specific). Might be wrong though. According to Clam CHANGELOG is quite extensive though: https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog

Perhaps the developers could offer a word on this upgrade delay/restriction. (Do they actually look at this forum - where does one find them milling about?)
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4131
Location: USA
Reply with quote
Developer Alch checks the forum and usually replies if expertise is needed.

You are correct about Yara detections (plus some additional). My guess, however, is that this would possibly require some additional coding to ClamWin that they do not want to do. ClamWin was originally written back around 2005 or so for simple Windows user protection when malware was strictly file-based, activated by users, and could be detected via static scanning. ClamWin (and Clam AV to a bit lesser extent) has retained that orientation. That is why the ClamWin developers recommend you use it as a backup to a real-time antivirus scanner. Cisco/Sourcefire has been reluctant to do much for the Windows environment (that's why ClamWin was developed), but it seems that Clam AV is slowly being forced to accommodate some additional detections by its primary email server users, although Clam AV remains Linux-based.

ClamWin badly needs a technological update. There have been a few attempts to do so--with no results. The last ones that I can recall were the addition of the ability to restore from quarantine via the QRecover utility and the Clam Sentinel resident front end added via a separate project in 2012.

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 553
Location: **UNKNOWN**
Reply with quote
YARA rules was done in version .99, as a major update to ClamAV, so you should be able to use YARA rules right now.

More recently, ClamAV is combining their database with third part databases to help improve detection ratios, but this is done server side and should work with any supported ClamAV version: http://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html

However, I don't think many third party databases will do this as some of them charge for their services. But you never know. Things can always change.

I still like ClamAV because it is highly customization and you can make your own signatures for malware, instead of waiting for the company to do it, which could them a whole day, but I feel like if you want any extensive work done on ClamWin, you are better off forking it yourself and doing it there.
View user's profileSend private message
So no new Clamwin 0.99.2 then?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic