Re: [Veering OT] RE: Panda antivirus?
On Fri, Aug 15, 2003 at 05:10:55PM -0400, Mark Roach wrote:
> On Fri, 2003-08-15 at 17:04, Pim Bliek | PingWings wrote:
> > What about clamav? Try apt-get install clamav and see how that works ;).
> > I have it running with amavisd-new and postfix and are very happy with
> > it.
>
> There doesn't seem to be a simple way to compare virus scanners, I
> suppose that comparing their signature databases would be the "correct"
> way to do it but I have no idea how to do so. Does anyone know how to
> compare virus scanners in an objective fashion?
I've seen comparisons of Windows and Mac virus scanners in the past in
magazines. The way they did it was to set up some isolated machines as
"sandboxes" for a sampling of known virus types, both new and old. They
scanned already-infected systems to test detection and removal, and they
ran infected applications and/or trojans to test the protection against
new infections. Then they put the results on how successful each package
was in a table and provided a brief summary of strengths and weaknesses.
Today you'd also want to test protection against Outlook worms. If
you're looking for software to run on a UNIX file/mail server the tests
against infecting the local machine wouldn't apply, but you might want
to try letting a workstation infect files on a share and make sure
they're detected quickly and properly.
--
Michael Heironimus
Reply to: