From owner-freebsd-questions@FreeBSD.ORG Wed Mar 23 23:01:41 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B5CAF16A4CE for ; Wed, 23 Mar 2005 23:01:41 +0000 (GMT) Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 63E7743D4C for ; Wed, 23 Mar 2005 23:01:41 +0000 (GMT) (envelope-from pauls@utdallas.edu) Received: from utd49554 (utd49554.utdallas.edu [129.110.3.85]) by smtp1.utdallas.edu (Postfix) with ESMTP id 8D1AE388C4C for ; Wed, 23 Mar 2005 17:01:40 -0600 (CST) Date: Wed, 23 Mar 2005 17:01:40 -0600 From: Paul Schmehl To: freebsd-questions@freebsd.org Message-ID: <423551A7187FB1AEDBCC9A2A@utd49554.utdallas.edu> In-Reply-To: <200503232145.57304.list-freebsd-2004@morbius.sent.com> References: <20050323204710.56664.qmail@web30202.mail.mud.yahoo.com> <3831.216.220.59.169.1111611800.squirrel@216.220.59.169> <200503232145.57304.list-freebsd-2004@morbius.sent.com> X-Mailer: Mulberry/3.1.6 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Re: Firewall questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Paul Schmehl List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Mar 2005 23:01:41 -0000 --On Wednesday, March 23, 2005 09:45:56 PM +0000 RW wrote: > > Clamav is supposed to be good for filtering windows viruses out of email. > I know Fastmail.fm dropped Kaspersky in favour of Clamav, they claimed > the updates to be at least as good. > We did some pretty thorough testing of Clamav, uvscan (McAfee) and sophie (Sophos) side by side on a mail gateway using amavisd. Clamav was *almost* as good as McAfee and definitely better than Sophos at detecting viruses. Clamav beat uvscan hands down on cpu usage and detection of Phishing scams. Here's our latest stats - clamav is primary. uvscan only gets used if clamav doesn't detect a virus. These statistics represent data from 2005-03-01 to yesterday Total detections - 7369 Total phishing scams - 7080 Total viruses - 289 Total McAfee - 23 Total ClamAV - 266 The last two lines are *unique* detections. Basically what it means is that clamav missed 23 viruses that uvscan subsequently caught. So clamav has a 92.04% virus detection rate so far for the month. (Updates are fetched and installed automatically for both scanners.) When I was keeping separate stats on each, clamav ran about a half a percent behind uvscan and sophie *never* had an independent detection. It also had a much lower detection rate. (E.g. clamav 94.6, uvscan 95.3, sophie 91.8) Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu