Jump to content

Talk:ClamAV

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

From VfD:

[edit]

Advertising. RickK 20:54, Aug 10, 2004 (UTC)

  • Can somebody explain how this got deleted from the VfD page? RickK 05:57, Aug 11, 2004 (UTC)
  • Whatever happened, it needs to be deleted. TPK 06:36, 11 Aug 2004 (UTC)
  • Keep, NPOV / cleanup, is quite a popular package among us sysadmins what have to clean up all the Windows-generated muck clogging the email systems. --Ianb 06:47, 11 Aug 2004 (UTC)
  • Keep, popular program, I use it on 2 servers myself. I'll try to cleanup. Thue | talk 16:32, 11 Aug 2004 (UTC)
  • Keep. I'll assume prior comments are correct as to the notability of this topic. If it can be cleaned up, it should be kept. Skyler 18:48, Aug 11, 2004 (UTC)
  • Keep. Widely used and notable. - Centrx 19:05, 12 Aug 2004 (UTC)
  • Keep. --Dittaeva 21:20, 15 Aug 2004 (UTC)
  • Keep. Notable (for sysadmins though). Przepla 21:39, 16 Aug 2004 (UTC)

end moved discussion

ClamWin

[edit]

Not diss-ing the product, just thinking of the Ordinary User, who needs to know this.... (ClamWin page could do with similar warning)

"note that ClamWin differs from ClamAV and often has lower detection rates" - ClamWin uses the current version of ClamAV. As of right now, this is 0.95.3. Where is there any citation that shows different detection rates? --Kurt (talk) 04:03, 27 February 2010 (UTC)[reply]
I agree, it is uncited and doesn't logically make sense since Clamwin is just a GUI front end to ClamAV - I'll remove it.
In discussion [1]: has been said that ClamAV and ClamWin has near nothing in common, especially they use different databases. It was written about 2010 and by person looking to be developer of, or other way connected with ClamAV. 10:21, 3 December 2014 (UTC) — Preceding unsigned comment added by 193.22.175.1 (talk)
I read that thread and it is important to not confuse ClamWin with ClamAV for Windows as they are different products. - Ahunt (talk) 13:17, 3 December 2014 (UTC)[reply]

windows viruses?

[edit]

Can someone clarify wheter clamav detects only Windows viruses, or MacOS and Linux viruses as well. (do the latter exist? ) —The preceding unsigned comment was added by 195.229.242.88 (talk) 16:08, 9 March 2007 (UTC).[reply]

Yeah I'd like to know this as well. Linux viruses do exist but they're not common when it comes to home users. That might change though if Linux drastically increases its market share among home users (Linux is already huge in the server market). — Preceding unsigned comment added by 95.147.5.140 (talk) 10:25, 11 August 2019 (UTC)[reply]
Linux already dominates in computing in general, as the majority of cellphones run Linux. The reason Linux malware is rare is because it is mostly ineffective; it is nothing to do with Linux's market share. ClamAV detects any virus in its databases, which includes sigs for Linux viruses. - Ahunt (talk) 17:39, 11 August 2019 (UTC)[reply]
Linux doesn't dominate in computing "in general" at all; for that to be true it would have to dominate in the home market and it doesn't. Linux has a tiny home user share of just a few percent compared to Windows (meaning desktops & laptops, who would count Android phones in these figures?). As for Android phones, they run a modified Linux kernel. Android phones are kinda sorta Linux, but not what most people think of when they think of a desktop or laptop running Linux (which often means GNU/Linux). Android also contains a lot of proprietary Google apps like the Play Store, Gmail, YouTube and Chrome (so Android isn't remotely free/libre), plus there are a lot of things people can't do on an Android phone that they can do on a Linux laptop or desktop (like running ClamAV to name just one). The reason Linux malware is rare is (a) because users have to enter the superuser password to install software, (b) because of regular security updates and (c) because of Linux's tiny home market share. If the situation was reversed and Linux had the market share that Windows does, malware developers would concentrate on the bigger target, which would be Linux. And to infect Linux users' machines the most effective ways of doing that would probably be social engineering/spear phishing (i.e. tricking people to run software as the superuser), malware masquarading as legitimate programs downloaded from websites & PPAs (rather than the repos) and altering software in the repos so they contain malware (installing software considered safe because it's from a reputable source is one of the hardest things to defend against as happened with CCleaner a while back. The biggest challenge there no doubt would be faking checksums but I'm sure someone clever enough could work out how to do it). There are no doubt methods that could be used for privilege escalation too.
As for ClamAV I'd like to know what percentage of its signatures are for Linux malware and what percent for other OSes. Also the section on effectiveness is very out of date. — Preceding unsigned comment added by 95.147.5.140 (talk)
Yeah that is a common myth. Desktop users these days are a tiny fraction of the total number of computers in use. Because Linux dominates in super computers, servers, web servers and is run by many large organizations with infrastructure critical employment, like the ISS, The US Army, US Navy and Nav Canada, it should be a very big target for malware. You explained much of it above, though, it is just quite hardened against malware. It is hard to install and run malware on Linux, so most writers concentrate on easier targets instead. See this and this for more background on that.
I have never seen a breakdown on the ClamAV sig files, but if you can find a ref that does analyze them for virus OS then we can add it to the article. Likewise more recent effectiveness testing results requires references quoting published test results. If you have them we can add them. - Ahunt (talk) 17:42, 12 August 2019 (UTC)[reply]
What exactly is a common myth? You wrote "Desktop users these days are a tiny fraction of the total number of computers in use." That has nothing to do with the fact that most home users use Windows, not Linux. Plus when it comes to non-home users, there are plenty of businesses and industries around the world that use Windows desktops (and laptops), so I'm not sure how accurate your "tiny" statement is.
As for the organisations you mentioned, of course they're a large target for malware. I expect people/nation states are trying to hack them 24/7 regardless of the OS they use.
Some Linux distros are more hardended than others, but for someone to think that using Linux makes him/her unhackable is simply complacent. As for referring to Windows as an easier target, I've heard in a couple of YouTube videos on computer security that exploit kits aren't as effective these days against Windows as they used to be (and users of such kits were complaining about their loss of revenue). I'd say that this is because Windows 10 comes with Defender firewall and anti-malware enabled by default, plus Defender also has anti-exploit features that were adopted from EMET (such as ASLR, SEHOP and heap integrity validation) as well as core isolation. Anti-ransomware can also be turned on in Defender as well as memory integrity (which is part of core isolation). Windows 10 is far more secure than previous versions of Windows and adding uBlock Origin to a browser also provides a very useful layer of defence as well as setting UAC to its highest level (and actually reading any alerts and not just clicking through them to get rid of them).
As for it being hard to run malware on Linux, yes if users aren't duped. But phishing and spear phishing are how a lot of people get infected regardless of the OS they use.
If I find any info relating to which OSes ClamAV covers percentage-wise and any up-to-date info relating to effectiveness, then I'll add it here. — Preceding unsigned comment added by 95.147.5.140 (talk) 22:16, 12 August 2019 (UTC)[reply]
Great. - Ahunt (talk) 22:21, 12 August 2019 (UTC)[reply]

Unix-like

[edit]

Now that Mac OS Ten is a Unix certified OS, maybe the lead paragraph should mention Unix and Unix-like ... --Click me! 22:22, 9 August 2007 (UTC)[reply]

Given that all Unix-certified systems (certified, BTW, by The Open Group, not SCO) are Unix-like systems, "Unix-like" suffices. (OS X isn't the first SUSv3-certified system to run ClamAV - Solaris binaries are also available, for example.) Guy Harris 06:03, 15 August 2007 (UTC)[reply]

New article: Sourcefire, Inc

[edit]

I've started an article, Sourcefire, Inc, for the company that develops the Snort and ClamAV free software packages. Contributions very welcome. --Gronky 09:38, 23 October 2007 (UTC)[reply]

Userbox

[edit]

Wikipedia editors who use ClamAV may want to add this userbox to their user page:

Code Result What links here
{{User:Ahunt/Clam}}
This user uses the open source ClamWin, ClamTk or ClamAV virus scanner.
Usage

- Ahunt (talk) 20:53, 3 March 2008 (UTC)[reply]

Archive file vulnerability?

[edit]

Has there been any word on whether any version of Clam is vulnerable to the anti-antivirus archive file attack that was just published affecting some 40 vendors? See [2]. Ham Pastrami (talk) 00:20, 19 March 2008 (UTC)[reply]

No idea. Perhaps that's something you should ask their developers? ~~ [Jam][talk] 09:38, 19 March 2008 (UTC)[reply]

Portal:Free software: ClamAV is now the selected article

[edit]

Just to let you know. The purpose of selecting an article is both to point readers to the article and to highlight it to potential contributors. It will remain on the portal for a week or so. The previous selected article was Amarok - some mature software for organising music files.

For other interesting free software articles, you can take a look at the archive of PF's selectees. --Gronky (talk) 23:03, 19 March 2008 (UTC)[reply]

The portal selectee has moved on and is now Frets on Fire - a game like Guitar Hero. FoF is also involved in software patent controversy after discussions of it's removal from Fedora (GNU/Linux distribution). --Gronky (talk) 12:13, 25 March 2008 (UTC)[reply]

ClamAV for Windows!?

[edit]

It appears that Immunet Protect is being used by "ClamAV for Windows" (http://www.clamav.net/lang/en/about/win32/) as announced by the Immunet site (http://immunet.com/pressreleases?id=13). However, the http://www.clamwin.com/ site has the "new" 0.96 version which is all very confusing... If someone can make sense of this, it would probably be worthwhile to update the appropriate subset of these articles: (Clam AntiVirus), ClamWin, and Immunet Protect. Royanee (talk) 19:02, 14 April 2010 (UTC)[reply]

Effectiveness section

[edit]

User:Jerome Charles Potts tagged this section as out of date. I would be happy to update it, do you have any references? - Ahunt (talk) 12:53, 9 February 2011 (UTC)[reply]

Are unofficial signatures a free software effect?

[edit]

I added a short section about unofficial databases for ClamAV. There are various organizations involved in this activity, some of which I mentioned. I left a red link for Sanesecurity (with a note referencing the link found in the Debian package). I feel most of those people and organizations don't meet Wikipedia:Notability. They themselves don't recount who they are and why they are committed to such activity. Yet, they are many and their activity is noteworthy as such, besides being important for our security.

This topic would certainly deserve its own space if there were multiple free antivirus. Since ClamAV is the only one package of its kind (another unusual case), perhaps it can stay in that section, for the time being. But some expansion is needed. ale (talk) 08:21, 3 September 2014 (UTC)[reply]

[edit]

Hello fellow Wikipedians,

I have just added archive links to one external link on Clam AntiVirus. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

checkY An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—cyberbot IITalk to my owner:Online 17:55, 28 February 2016 (UTC)[reply]

Checked - Ahunt (talk) 21:14, 28 February 2016 (UTC)[reply]

decade old comparison?!?

[edit]

Is there any reason not to delete the effectiveness comparison from 2008? — Preceding unsigned comment added by 75.73.1.89 (talk) 09:15, 3 November 2016 (UTC)[reply]

Yes, because Wikipedia gives the history of subjects, we don't delete old information, just put it in historical context. - Ahunt (talk) 19:02, 3 November 2016 (UTC)[reply]
[edit]

Hello fellow Wikipedians,

I have just modified one external link on Clam AntiVirus. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

checkY An editor has reviewed this edit and fixed any errors that were found.

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 07:44, 11 November 2016 (UTC)[reply]

Checked - Ahunt (talk) 14:34, 11 November 2016 (UTC)[reply]
[edit]

Hello fellow Wikipedians,

I have just modified one external link on Clam AntiVirus. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 18:27, 8 August 2017 (UTC)[reply]

A Commons file used on this page or its Wikidata item has been nominated for deletion

[edit]

The following Wikimedia Commons file used on this page or its Wikidata item has been nominated for deletion:

Participate in the deletion discussion at the nomination page. —Community Tech bot (talk) 05:37, 12 September 2022 (UTC)[reply]

Requested move 3 December 2023

[edit]
The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review after discussing it on the closer's talk page. No further edits should be made to this discussion.

The result of the move request was: moved. (closed by non-admin page mover) -- Maddy from Celeste (WAVEDASH) 18:55, 10 December 2023 (UTC)[reply]


Clam AntiVirusClamAV – "ClamAV" is the official, trademarked name of the software and to my knowledge has always been its functional name (as in file names and internal documentation) and its common name in plain speech. I can only guess that the motivation for the current expansion in the title is to avoid ambiguity, but I don't believe that should apply here since "ClamAV" is being used as a proper name rather than merely an abbreviation, and I don't see a practical concern that this name is ambiguous - "ClamAV" already redirects here. Ham Pastrami (talk) 07:13, 3 December 2023 (UTC)[reply]

The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.