Traversal
Joined: 14 Dec 2006 | Posts: 0 | Location: China
Posted: Fri Dec 15, 2006 7:49 am
ClamAV should add heuristic detection ability in order to keep up with those commercial ones, such as NOD32.
GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Mon Dec 18, 2006 8:53 pm
Heuristics certainly play a part in state-of-the-art virus detection. They need to be intelligently applied in order to prevent false positives. Some of the smarter AV software is now adapting their heuristics to detect virus "families."
The ClamWin team is currently concentrating upon making it memory resident. After that, perhaps they will look at heuristics. The engine for ClamWin is the ClamAV program, so ClamWin is largely dependent upon what the ClamAV team does. I understand the ClamAV team has said they will incorporate some heuristics next year, and Version 0.90 will be a significant upgrade in detection ability. ClamWin will benefit also.
In my opinion, the ability of an antivirus program to unpack software ranks right up there with heuristics. Some of the commercial antivirus software isn't yet able to unpack some of the packers used to hide viruses. A new virus coupled with an unrecognized packer can really hurt! AVG, for instance, can't do anything with 7zip, although ClamWin can.
The size of the virus signature database is also important, and the ClamAV team has really been working hard to increase theirs. They had about 60,000 signatures when I started using ClamWin back in July. They are up to about 83,000 now, which is larger than the database used by a couple of the commercial antivirus firms. 100,000 signatures should be another milestone.
Regards,