virus.gr results (very bad for clamwin)

alch
Site Admin
It's very hard to tell why without knowing what samples the products have been tested with.
I can only guess and suspect that if the test-set consists of rather old samples, collected before ClamAV has been around, then commercial products have an edge because they started to populate their virus databases much earlier. Although in the real world scenario these figures mean very little, it doesn't matter much if ClamAV/ClamWin cannot detect an old Win3.1 or DOS virus that is harmless in modern Windows. What does matter is how quickly an AV can react to a new threat, and the ClamAV database team excels in that.

GuitarBob
In all the test results I've seen, ClamWin seems to get about 50% of the viruses, which isn't too bad for a project run on a part-time basis with donated resources against full-time, well-paid/supplied competition, many of whom have been in business since about 1990 or earlier. I recall that I first used McAfee in 1989!
ClamWin is dependent upon ClamAV for malware signatures. ClamAV is designed/used primarily for email service providers, and it does a pretty good job at that. However, some of the viruses/malware in these tests consist of Windows viruses that you will encounter in situations other than email--such as Active X scripts and other exploits. I don't think Clam is set up too well for that. ClamAV has recently improved its detection process (with version 0.90) by adding support for several commonly used malware packers, but if it can't unpack malware, it can't recognize it. On the other hand, the commercial antivirus programs have generic unpackers for backup support. As far as I know, ClamAV doesn't have anything like that. I feel confident that it would recognize more malware if it did. In addition, the larger commercial AV software also uses heuristics and behavioral analysis of code. If we want ClamAV/ClamWin to improve more, let's support them! They've done a pretty good job so far, but the developers aren't operating in a vacuum.
Regards,

GuitarBob
Here's a look at the problem from Panda:
https://research.pandasoftware.com/blogs/research/archive/2007/02/12/Packing-a-punch.aspx
Regards,

GuitarBob
Clam detects most of the viruses that are on the Wildlist as of March 20, 2007. So the capability is there in the signature database. If it didn't detect well in the test, it has to be because it was unable to unpack/decrypt a significant portion of the malware in the test.
Something to consider: the well-financed, large antivirus firms with full-time staffs can unpack all kinds of malware, but malware doesn't really become malware until it's unpacked and RUN. There is some malware that uses runtime unpackers, but you will need a very quick on-access scanner to detect/stop it as it unpacks/runs automatically, and that's out of ClamWin's function until the next version. Emulation might help with this.
Regards,
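
The point made in the posts above, that a signature already in the database cannot match a packed sample unless the scanner can unpack it first, shown as an added example (not part of the original thread and not ClamAV code). Assumptions: zlib and bz2 stand in for packers, the signature is a constructed harmless marker, and `scan` and the other names are hypothetical.

```python
import bz2
import zlib

# Constructed, harmless marker standing in for a database signature (assumption).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
PAYLOAD = b"A" * 64 + SIGNATURE + b"B" * 64  # constructed sample body

# Constructed samples: the same payload, plain and wrapped in stand-in "packers".
SAMPLES = {
    "plain": PAYLOAD,
    "zlib": zlib.compress(PAYLOAD),
    "bz2": bz2.compress(PAYLOAD),
    "zlib+bz2": zlib.compress(bz2.compress(PAYLOAD)),
}

# Two scanner configurations: one unpacker supported, then both.
ZLIB_ONLY = {"zlib": zlib.decompress}
ZLIB_AND_BZ2 = {"zlib": zlib.decompress, "bz2": bz2.decompress}


def scan(data, unpackers, max_depth=4):
    """Return the list of layers peeled before SIGNATURE matched, or None."""
    if SIGNATURE in data:
        return []
    if max_depth == 0:
        return None  # bound recursion so nested archives cannot loop forever
    for name, unpack in unpackers.items():
        try:
            inner = unpack(data)
        except (zlib.error, OSError, ValueError, EOFError):
            continue  # not this format; try the next unpacker
        layers = scan(inner, unpackers, max_depth - 1)
        if layers is not None:
            return [name] + layers
    return None


if __name__ == "__main__":
    for label, unpackers in (("no unpackers", {}), ("zlib only", ZLIB_ONLY),
                             ("zlib + bz2", ZLIB_AND_BZ2)):
        for sample, data in SAMPLES.items():
            print(f"{label:13} {sample:9} -> {scan(data, unpackers)}")
```

The signature never changes between runs; only the set of unpackers does, and detection of the wrapped samples follows it.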


