Advice Request Is Cisco keeping ClamAV bad on purpose?

I wouldn't say bad, but they do have their own proprietary products for security and networking.

By the looks of it, it appears to be more community driven for mail servers, than to compete with Microsoft Defender on a Windows PC.
https://talosintelligence.com/clamav
https://talosintelligence.com/immunet
The ClamAV architecture was originally designed for mail servers.
Talos detections are mainly in the cloud; I am not aware of any cloud components being presented in ClamAV. This may explain the difference in detection.
 
ClamAV has always been bad at general malware detection. Its primary use case has been for mail servers and stopping the distribution of emerging outbreaks as quickly as possible. Back before AVs had hourly definition updates, ClamAV definitely was one of the fastest to stop new email worms. These days, almost all AV vendors have closed that gap.
 
It still detects some threats, such as double extension (*.pdf.exe for example) or some PE malware, but performance is not impressive.
ClamAV is to be run only as part of Immunet together with other technologies implemented.
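The double-extension case mentioned above (a decoy document extension in front of a real executable extension, e.g. *.pdf.exe) is the kind of mail-gateway check that needs no signature database at all. Below is an added illustration of such a check, written for this thread and not taken from ClamAV or Immunet; the extension lists and the sample attachment names are constructed for the example.

```python
# Added example: flag mail attachments whose name hides an executable
# extension behind a document-looking one (e.g. invoice.pdf.exe).
# The lists below are illustrative, not ClamAV's own signature data.

# Extensions that commonly indicate an executable or script payload.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}

# Extensions that look like harmless documents or media and are used as the decoy part.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "mp3", "zip"}


def is_deceptive_double_extension(filename: str) -> bool:
    """Return True when the final extension is executable and the one before it
    is a decoy document/media extension.  Whitespace padding inside the name
    (e.g. 'report.pdf   .exe') is stripped before comparison, and a path prefix
    is ignored so only the base name is examined."""
    base = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 3:  # need a name, a decoy extension and a real extension
        return False
    real_ext, decoy_ext = parts[-1], parts[-2]
    return real_ext in EXECUTABLE_EXTENSIONS and decoy_ext in DECOY_EXTENSIONS


def flag_attachments(names):
    """Return the subset of attachment names that should be quarantined or blocked."""
    return [n for n in names if is_deceptive_double_extension(n)]


# Constructed sample attachment names, as a mail filter might see them.
SAMPLE_ATTACHMENTS = [
    "invoice.pdf.exe",          # classic decoy: looks like a PDF, runs as a PE
    "Quarterly Report.DOCX.SCR",  # case differences must not matter
    "photo.jpg   .exe",         # whitespace padding to push the real extension off-screen
    "archive.tar.gz",           # legitimate double extension, not executable
    "setup.exe",                # plain executable, handled by other policy, not this check
    "notes.txt",                # ordinary document
]

if __name__ == "__main__":
    for name in flag_attachments(SAMPLE_ATTACHMENTS):
        print("BLOCK:", repr(name))
```

A gateway would run this alongside signature and content scanning rather than instead of it: the check only reasons about the file name, so it catches the naming trick but says nothing about what the bytes actually are.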
 