quietlife.net

clamwin

18 Apr 2005

Interestingly, I discovered there’s a blooming project for a Windows version of ClamAV, called ClamWin. ClamAV, if you don’t know, is very popular open-source anti-virus software. This is extremely appealing to me (and many others, I suspect), as I have a lot of clients in dire need of anti-virus software for their servers/workstations. Unfortunately, the cost of commercial anti-virus software licensing can be daunting – I currently even have a non-profit client balking at enterprise A/V software because of the price.

So I figured I’d try this out. I even booted into Windows just to give it a whirl! What follows is a mini-review:

Pros:

  • Free
  • Fast – scanning was quick and thorough.
  • E-mail alerts – you can have it send e-mail on virus detection.
  • Uses the ClamAV virus database – I have been fairly impressed with ClamAV’s signature database and found no particular deficiencies (so far). Personally I think a community-driven virus signature database has more potential for comprehensiveness than a privately managed and maintained one, anyway. We’ll see if experience with a desktop product bears this out.
  • Outlook integration

Cons:

  • Does not appear to be able to run as a service, so someone has to be logged in for scheduled scans to run.
  • No on-execute scanning – the scanner can’t scan files as they are created or executed. It’s just a scanner that must be initiated manually.
  • No runtime scanning – doesn’t appear to have any ability to scan processes currently running and terminate malicious ones.
  • No boot-time/boot-sector scanning.
  • Poor default selections – some of the default preferences are not what most workstation users will want. Viruses should be quarantined by default. A scheduled scan of C: should be enabled by default.
  • Poor quarantining. – The quarantining process simply moves the files to a folder. It doesn’t rename or protect them in anyway. A virus can be viewed or executed in this quarantine folder.
  • No Thunderbird extention (!) – This is a particularly striking deficiency, considering it’s an open-source product and it supports Outlook but not Thunderbird.

These are just the things that stuck out about it on first use. More rigorous usage would probably yield further pros/cons, however honestly I probably won’t get to that, since I use Linux as my desktop OS.

In conclusion, it looks like this product is not quite ready for the average user, and definitely not for a server. The lack of runtime/access scanning and inability to run as a service are what kills it here. It doesn’t quite stack up well against a product like AVG’s Free Version. Unfortunately, the licensing on a product like AVG’s makes it unviable as an option for a for-profit company, so something like ClamWin looks very appealing. However, I don’t think it’s quite up to par. However, I am betting it won’t be long.