 |
 | ClamWin less effective after recent updates. |  |
|
nedwin
|
|
On Oct 20 I installed the ClamWin portable version 0.98.4.1 on a USB stick and ran a scan of my C: for a trial run. Pow! Seven hits including a couple of Trojans. My Norton 360 was blind to the items even when I scanned the individual folders containing the problem files. Finally scanning the exact files Norton picked up on the infections. I did not delete all the infected files but decided to keep them in a corner for testing malware software. on Oct 22 I installed ClamWin on my computer and once again the bad files were found. Now more recently after keeping up with definition updates the portable and computer versions will not see the infected files. But if I scan with a not updated version on one of my USBs the problems are still detected.
The lack of detection did not occur on only a single item but everything previously detected. It would be good to know where that great sensitivity went. Thanks for any insights. |
|||||||||||
|
|||||||||||||
 |
| |
|
ROCKNROLLKID
|
|
Maybe they were false positives? You should scan with Virustotal to see if they were real or not. https://www.virustotal.com/
Norton has went down hill over the years. They use to be good, but their detection went to the floor. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Norton's detection on USB and its detection on a PC may differ. Some AVs do not give much attention to USBs--Conficker/other inf malware is not as prevalent as it used to be.
As RRK said--those detections by the Clam AV signatures may have been false positives (they probably are). Scan the files involved with Virus Total for sure. Is is my experience, unfortunately, that if malware is new/not widespread, Clam AV will not have a signature for it. If it does get one, it is very late in the game. It does not have any heuristics to detect suspicious/new malware (that is why Clam Sentinel was developed--to at least give ClamWin users a set of basic heuristics to supplement the poor Clam AV signatures that we have to use). The Clam AV signatures also give too many false positives because the Clam AV false positive "farm" that is used to check new signatures before release does not have enough Windows files (Clam AV was/is primarily a Linux email scanner that has no need for real-time detection of executable files--they refuse to recognize that the files to be detected are run on actual Windows computer systems). Regards, |
|||||||||||
|
|||||||||||||
|
 | ClamWin less effective after recent updates. | |
|
|||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.