So no new Clamwin 0.99.2 then?

jimimaseye
Joined: 04 Jan 2014
Posts: 0
Posted: Thu Feb 02, 2017 12:09 pm

ClamAV 0.99.2 was released in May 2016 (I think). There is also a Windows version of it https://www.clamav.net/downloads#otherversions. Sherpya's port at https://oss.netfarm.it/clamav/ is also 0.99.2 and claims also to be used in Clamwin.
So, another year on, are there no plans to generate Clamwin 0.99.2? (I'm sick of seeing the definition update reports moaning at me about being out of date)
What do we think?
Cheers.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Feb 02, 2017 2:21 pm

No, ClamWin version .99.1 is the latest one. Sometimes the ClamWin developers do not port a Clam AV version over to ClamWin if it only affects the Linux OS, or if the Clam AV changes do not result in improvements in detection for Windows machines. I have suggested some time ago that they suppress the Clam AV "out of date" messages.
There is no GUI user interface (or other nice aids for users) for the Windows version from Clam AV. There may still be a GUI on Sherpya's web page, but it is only minimal.
Regards,

jimimaseye
Joined: 04 Jan 2014
Posts: 0
Posted: Thu Feb 02, 2017 2:52 pm

If I remember correctly the .2 version introduced the ability to perform YARA rules (amongst other things) which would apply to all platforms (and therefore isn't Linux OS specific). Might be wrong though. According to the Clam CHANGELOG it is quite extensive though: https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog
Perhaps the developers could offer a word on this upgrade delay/restriction. (Do they actually look at this forum - where does one find them milling about?)

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Feb 02, 2017 11:15 pm

Developer Alch checks the forum and usually replies if expertise is needed.
You are correct about Yara detections (plus some additional). My guess, however, is that this would possibly require some additional coding to ClamWin that they do not want to do. ClamWin was originally written back around 2005 or so for simple Windows user protection when malware was strictly file-based, activated by users, and could be detected via static scanning. ClamWin (and Clam AV to a bit lesser extent) has retained that orientation. That is why the ClamWin developers recommend you use it as a backup to a real-time antivirus scanner. Cisco/Sourcefire has been reluctant to do much for the Windows environment (that's why ClamWin was developed), but it seems that Clam AV is slowly being forced to accommodate some additional detections by its primary email server users, although Clam AV remains Linux-based.
ClamWin badly needs a technological update. There have been a few attempts to do so--with no results. The last ones that I can recall were the addition of the ability to restore from quarantine via the QRecover utility and the Clam Sentinel resident front end added via a separate project in 2012.
Regards,

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Posted: Mon Feb 06, 2017 3:39 am

YARA rules were done in version .99, as a major update to ClamAV, so you should be able to use YARA rules right now.
More recently, ClamAV is combining their database with third-party databases to help improve detection ratios, but this is done server side and should work with any supported ClamAV version: https://blog.clamav.net/2016/07/crdf-joins-clamav-signature-partner.html
However, I don't think many third party databases will do this as some of them charge for their services. But you never know. Things can always change.
I still like ClamAV because it is highly customizable and you can make your own signatures for malware, instead of waiting for the company to do it, which could take them a whole day, but I feel like if you want any extensive work done on ClamWin, you are better off forking it yourself and doing it there.

jimimaseye
Joined: 04 Jan 2014
Posts: 0
Posted: Sat Jul 29, 2017 9:02 am

Are ALCH or SHERPYA the ones that do the port of ClamAV to Clamwin? (Can you confirm?)
Also, given that ClamAV are about to release 0.99.3 can I ask them directly if they have any plans to update Clamwin? (As I said above, Sherpya has already got his own port of 0.99.2 to Windows on his website - maybe the work required to integrate his port into Clamwin is not so much?)
I guess this post is directed and for the attention of Alch and Sherpya.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Jul 29, 2017 2:03 pm

Clam AV has nothing to do with ClamWin. The ClamWin developers originally used Clam AV because it was/is open source with a usable library, which enabled them to quickly get a free AV for Windows users.
Sherpya prepares the ClamWin Windows port of the original Clam AV source code. The port of Clam AV 99.2 was not used for ClamWin because it was decided that the Clam AV source code primarily affected the Clam AV base of Linux email servers. The ClamWin developer (Alch) uses the port if there are improvements in detection that can be applied in the Windows environment. Not all Clam AV capabilities can be used in the present version of ClamWin.
The free Immunet AV (also owned by Cisco) uses the up-to-date port of Clam AV. It makes heavy use of the cloud but is not open source. You can get it at https://www.immunet.com/ on the web.
Regards,
Last edited by GuitarBob on Sat Jul 29, 2017 2:09 pm; edited 1 time in total

jimimaseye
Joined: 04 Jan 2014
Posts: 0
Posted: Sat Jul 29, 2017 2:08 pm

So that I know, is Alch going to answer this post himself or are you the spokesperson on his behalf?

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Jul 29, 2017 2:10 pm

Let's see if he answers!
Regards,
All times are GMT