I see listed in the features the fact that ClamWin has a high detection rate for Spyware, amongst other things.

However, my understanding is that the underlying clamav project doesn't try to catch a lot of Spyware (being a virus-scanner) and wondered if ClamWin uses different databases? Or I've misunderstood something? Or there is some other explanation?

Any feedback or guidance much appreciated!

Thanks,
James.

I guess it depends on how you define spyware. Many of the trojan phishers it does detect, however, the "adware" and "commercial keylogger" categories are not targeted by the ClamAV engine at all.

Antivirus companies in the past have not even had anything to do with targeting adware/spyware/otherware besides viruses. Some of them didn't do much with worms/trojans initially. The antivirus companies are now incorporating other types of malware into the stuff they recognize. Right now, if they don't have this capability, they are buying up smaller firms (a la AVG buying Ewido recently). Within a couple of years, (if they are smart), they will (and should) have integrated anything that is malware into their products.

ClamAV presently does a fairly decent job for a standalone, nondedicated antivirus product in recognizing ad/spy ware. If the large email services see it, ClamAV (and ClamWin) will also. I recently got a phishing trojan, and Clam was one of the few that had it in their database. ALL antivirus products need to do more, however. Malware is malware, no matter what you call it.

Regards,

I heared, that the ClamAV team will enhance the detection rate next time (including spyware and other malware).
Can someone confirm that?

And btw: What is about rootkits? Are there any plans?

ClamAV is one of the organizations that receives notifications of phishing and related malware actions from the PIRT squad started by Castle Cops (https://www.castlecops.com/pirt). ClamAV recently had discussions with a party who develops phishing/scam signatures--don't know exactly what came of it. Last summer, ClamAV used some interns who developed an anti-phishing procedure, but I don't think that ClamWin can use it yet. As a participating antivirus scanner in VirusTotal, Clam/ClamWin receives copies of malware from VirusTotal--including the non-viral stuff. Certainly ClamWin will eventually benefit from ClamAV improvements.

Regards,

ClamWin already detects several rootkits. Do a search of the signature database at https://clamav-du.securesites.net/cgi-bin/clamgrok and you will see them, and you will be surprised at the number. This is quite an improvement over a couple of months ago, when I only saw a couple of rootkit signatures.

I've found out that rootkits aren't quite the problem they were a year or so ago. Many antivirus scanners are now set up to detect them. As always, the real problem is getting signatures for those that they don't yet know about. It's encouraging, however, that some of the scanners are starting to emphasize generic signatures.

Regards,