The ClamAV architecture was originally designed for mail servers.
Talos detections are mainly in the cloud; I am not aware of any cloud components being presented in ClamAV. This may explain the difference in detection.
ClamAV is open source, community driven and anyone can create & submit signatures. There isn't anything like this in the AV industry. So, I hope they keep it alive at least.
ClamAV has always been bad at general malware detection. Its primary use case has been for mail servers and stopping the distribution of emerging outbreaks as quickly as possible. Back before AVs had hourly definition updates, ClamAV definitely was one of the fastest to stop new email worms. These days, almost all AV vendors have closed that gap.
It still detects some threats, such as double extension (*.pdf.exe for example) or some PE malware, but performance is not impressive.
ClamAV is to be run only as part of Immunet together with other technologies implemented.