equinox1510
Joined: 29 May 2013 |
Posts: 0 |
Location: EU |
Posted: Wed May 29, 2013 5:57 am |
There is a new antivirus based on libclamav available for download at https://www.netgate.sk/products/amiti-antivirus/.
It is called Amiti Antivirus, and it has skin support and is multilingual.
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Fri May 31, 2013 8:38 pm |
It needs some work. It failed to detect my 3 EICAR test files and also 4 new viruses for which I was preparing Clam AV signatures. The scan shields were active, too. It uses the Clam AV signatures, and I do not think it has any heuristics. Relying only upon the Clam AV signatures does not give much protection against new viruses.
On the other hand, the Clam Sentinel program, which scans in real-time with ClamWin but also has its own heuristic engine, detected the 4 new viruses and quarantined them as "suspicious" with its heuristics when they were dropped into the %Appdata% folder, and it detected 2 of them when they were dropped into a C:\Test folder. The majority of viruses will be in the %Appdata% or Windows folders.
Regards,
|
|
xqrzd
Joined: 18 Feb 2013 |
Posts: 0 |
Posted: Sat Jun 01, 2013 10:54 pm |
My thoughts:
A dated approach. You should use a filter driver instead of PsSetCreateProcessNotifyRoutine / global events. You should at least use PsSetCreateProcessNotifyRoutineEx so you don't need to hack around limitations.
It doesn't scan files with Unicode characters. Renaming the clam test file bypasses your process block.
Your named pipe implementation isn't correct; it continuously uses a lot of I/O.
|
|
Lipper
Joined: 31 Oct 2010 |
Posts: 0 |
Location: USA |
Posted: Sat Jun 01, 2013 10:58 pm |
Thanks for testing and the heads up, GuitarBob. I'll stick with ClamWin and Clam Sentinel.
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Sat Jun 01, 2013 11:35 pm |
Neither ClamWin nor Clam Sentinel uses filter drivers, but I have hopes... Clam Sentinel does use exclusive control when scanning, but I fear that is still not good enough for fast-acting malware.
Regards,
|
|
freefighter
Joined: 20 Oct 2007 |
Posts: 0 |
Location: Bavaria |
Posted: Sun Jun 02, 2013 11:30 am |
Hello,
I have checked this antivirus, too. It installs up to Win 7 64 Bit, but does not work with Windows 8. It uses a lot of hard disk space as well as memory (200 MB). CPU load is three times higher than with MSE. I think they still have to do a lot of work on it. But I am glad that someone is using ClamAV as a basis for a Windows antivirus again since Spyware Terminator has abandoned its ClamWin plugin. Let's keep an eye on it.
Have a nice weekend!
Tom
|
|