nedwin
Joined: 06 Nov 2014 |
Posts: 0 |
Location: USA |
Posted: Thu Nov 06, 2014 5:59 pm |
On Oct 20 I installed the ClamWin portable version 0.98.4.1 on a USB stick and ran a scan of my C: for a trial run. Pow! Seven hits including a couple of Trojans. My Norton 360 was blind to the items even when I scanned the individual folders containing the problem files. Finally, scanning the exact files, Norton picked up on the infections. I did not delete all the infected files but decided to keep them in a corner for testing malware software. On Oct 22 I installed ClamWin on my computer and once again the bad files were found. Now, more recently, after keeping up with definition updates, the portable and computer versions will not see the infected files. But if I scan with a not updated version on one of my USBs the problems are still detected.
The lack of detection did not occur on only a single item but everything previously detected. It would be good to know where that great sensitivity went. Thanks for any insights.
|
|
ROCKNROLLKID
Joined: 23 Sep 2013 |
Posts: 0 |
Location: **UNKNOWN** |
Posted: Thu Nov 06, 2014 6:32 pm |
Maybe they were false positives? You should scan with VirusTotal to see if they were real or not. https://www.virustotal.com/
Norton has gone downhill over the years. They used to be good, but their detection went to the floor.
|
|
GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
Posted: Thu Nov 06, 2014 6:50 pm |
Norton's detection on USB and its detection on a PC may differ. Some AVs do not give much attention to USBs--Conficker/other inf malware is not as prevalent as it used to be.
As RRK said--those detections by the Clam AV signatures may have been false positives (they probably are). Scan the files involved with Virus Total for sure.
It is my experience, unfortunately, that if malware is new/not widespread, Clam AV will not have a signature for it. If it does get one, it is very late in the game. It does not have any heuristics to detect suspicious/new malware (that is why Clam Sentinel was developed--to at least give ClamWin users a set of basic heuristics to supplement the poor Clam AV signatures that we have to use). The Clam AV signatures also give too many false positives because the Clam AV false positive "farm" that is used to check new signatures before release does not have enough Windows files (Clam AV was/is primarily a Linux email scanner that has no need for real-time detection of executable files--they refuse to recognize that the files to be detected are run on actual Windows computer systems).
Regards,
|
|