ClamAV Anti-Virus Reaches Version 1.0 With New LTS Release

    Phoronix: ClamAV Anti-Virus Reaches Version 1.0 With New LTS Release

    ClamAV as one of the leading open-source anti-virus / anti-malware toolkits for Linux / Windows / BSDs has finally reached the version 1.0 milestone...

    https://www.phoronix.com/news/ClamAV-1.0-LTS

  • #2
    I once used it multiple years ago - a decade? How good is it in comparison to commercial solutions?

    • #3
      It's been years since I used it as well, but last time I checked, detection was lackluster with many misses, but also false positives…

      • #4
        Not good. AV-Comparatives tested it a decade ago or so; it was actually the single test they carried out, because once they found out that ClamAV caught fewer than 30% of in-the-wild viruses vs. 99.5-100% for top AV vendors, they gave up on it.

        ClamAV is basically useless, and not only that - running it gives you an utterly false sense of security.

        And even when we speak about top AV vendors such as BitDefender, Norton, Kaspersky, etc. their products are basically useless for catching Linux malware. They are only good for Windows and surprisingly MacOS malware.

        For Windows applications they employ a range of deep scanning technologies including automatic reverse engineering and hardware virtualization assisted sand-boxing and there's nothing like that for Linux applications.

        And Linux malware runs rampant on infected servers contrary to the myths spread in the open source community that Linux is malware free. It doesn't help that e.g. Windows has pretty much all binaries (including shared libraries) digitally signed, so it's relatively easy to sniff out alien applications and in Linux we only have at best the signed kernel and its modules for Fedora, RHEL and Ubuntu. The entire user space is not signed, so you never know what you're actually running.

        And don't get me started on the evil maid attack (tampering with the initrd, which can give the attacker full access to your system even if it's encrypted), which is still not resolved in a single Linux distro.

        The situation with security in Linux, despite SELinux, AppArmor, other MACs, and user virtualization solutions such as Flatpak and Snap, is quite sad really.

        People often flock to Linux thinking they'll be safer and then they proceed to install software from random sources on the net without thinking twice which leads to a situation when hundreds of thousands of Linux servers run malware and are used in botnets.

        Here's the latest quite damning example: https://sysdig.com/blog/analysis-of-...docker-images/

        1652 malware-ridden docker containers ready for your consumption. And don't get me started on thousands of breaches of NPM, Python, Ruby and other frameworks.

        To be honest I feel safer running my Windows 10 installation than a freshly installed Fedora 37.

        • #5
          Is this any good for single-boot Linux only installation?

          • #6
            Originally posted by birdie:
            To be honest I feel safer running my Windows 10 installation than a freshly installed Fedora 37.

            Why?

            all the official packages are verified by the Fedora community. Did you have any negative experience directly tied to them?

            • #7
              Originally posted by birdie:
              Not good. AV-Comparatives tested it a decade ago or so; it was actually the single test they carried out, because once they found out that ClamAV caught fewer than 30% of in-the-wild viruses vs. 99.5-100% for top AV vendors, they gave up on it.

              ClamAV is basically useless, and not only that - running it gives you an utterly false sense of security.

              And even when we speak about top AV vendors such as BitDefender, Norton, Kaspersky, etc. their products are basically useless for catching Linux malware. They are only good for Windows and surprisingly MacOS malware.

              For Windows applications they employ a range of deep scanning technologies including automatic reverse engineering and hardware virtualization assisted sand-boxing and there's nothing like that for Linux applications.

              And Linux malware runs rampant on infected servers contrary to the myths spread in the open source community that Linux is malware free. It doesn't help that e.g. Windows has pretty much all binaries (including shared libraries) digitally signed, so it's relatively easy to sniff out alien applications and in Linux we only have at best the signed kernel and its modules for Fedora, RHEL and Ubuntu. The entire user space is not signed, so you never know what you're actually running.

              And don't get me started on the evil maid attack (tampering with the initrd, which can give the attacker full access to your system even if it's encrypted), which is still not resolved in a single Linux distro.

              The situation with security in Linux, despite SELinux, AppArmor, other MACs, and user virtualization solutions such as Flatpak and Snap, is quite sad really.

              People often flock to Linux thinking they'll be safer and then they proceed to install software from random sources on the net without thinking twice which leads to a situation when hundreds of thousands of Linux servers run malware and are used in botnets.

              Here's the latest quite damning example: https://sysdig.com/blog/analysis-of-...docker-images/

              1652 malware-ridden docker containers ready for your consumption. And don't get me started on thousands of breaches of NPM, Python, Ruby and other frameworks.

              To be honest I feel safer running my Windows 10 installation than a freshly installed Fedora 37.

              Meh... stick to your window$... not sure why you're on these forums!

              No problems with distros: if anything happens to "initrd" in any of those distros you mentioned, AND it affects a paying Canonical customer or IBM/Red Hat customer or bank... it gets clamped down quite quick.

              You're spreading fake news really, from a window$ emotional lubber.

              • #8
                Originally posted by cynic:
                Why?

                all the official packages are verified by the Fedora community. Did you have any negative experience directly tied to them?

                But after the installation these files can be overridden by malware and since they're not digitally signed, you don't know.
                Sure I trust Fedora, when I install Fedora, but after you use it, then those files can be overridden.

                • #9
                  Originally posted by cynic:
                  Why?

                  all the official packages are verified by the Fedora community. Did you have any negative experience directly tied to them?

                  I have at the very least two dozen applications and libraries not provided by Fedora due to licensing and other restrictions. And even besides that, you've not read my post, have you? Fedora only signs the kernel and its modules. You cannot be sure that Fedora applications/libraries you have installed are actually Fedora's. You may tell me that I could run `rpm -V`, but any malware can easily tamper with the RPM database and make it look like you're totally fine. I need to stop now; I don't want to talk to people who don't want to get into the fine details of the huge security fiasco/theater that modern Linux distros are.

                  Originally posted by uid313:
                  But after the installation these files can be overridden by malware and since they're not digitally signed, you don't know.
                  Sure I trust Fedora, when I install Fedora, but after you use it, then those files can be overridden.

                  Exactly that.

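The objection in #9 is that `rpm -V` asks the host's own RPM database what the files should look like, so anything that can rewrite that database can also make the verification pass. The usual defensive answer is a baseline of file hashes recorded once and kept off the host (or on read-only media), then compared against a fresh scan. The script below is an added example written for this thread; it is not code from Fedora, ClamAV or any poster, and it assumes a POSIX sh with coreutils (`sha256sum`, `find`, `sort`, `diff`, `mktemp`). Directory paths and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): out-of-band file integrity baseline.
# Assumes POSIX sh plus coreutils: sha256sum, find, sort, diff, mktemp.
# Keep the baseline file off-host or on read-only media: a checker that trusts
# data stored on the possibly compromised host (as rpm -V trusts the RPM
# database) can be lied to by whatever already owns that host.

# make_baseline DIR OUT
# Writes one "sha256  ./relative/path" line per regular file under DIR to OUT,
# in a stable (byte-order sorted) order so two baselines diff cleanly.
make_baseline() {
    dir="$1"
    out="$2"
    ( cd "$dir" && find . -type f | LC_ALL=C sort \
        | while IFS= read -r f; do sha256sum "$f"; done ) > "$out"
}

# verify_baseline DIR BASELINE
# Rescans DIR, diffs the result against BASELINE and prints every differing
# entry. Returns 0 when the tree matches the baseline exactly, 1 otherwise.
# In the output, '-' lines are baseline entries no longer present (a removed
# or modified file) and '+' lines are entries not in the baseline (a new or
# modified file), so a modified file shows up as one '-' and one '+' line.
verify_baseline() {
    dir="$1"
    base="$2"
    current=$(mktemp)
    make_baseline "$dir" "$current"
    if diff -u "$base" "$current" > "$current.diff"; then
        rm -f "$current" "$current.diff"
        return 0
    fi
    grep '^[-+][0-9a-f]\{64\}  ' "$current.diff"
    rm -f "$current" "$current.diff"
    return 1
}

# demo
# Builds a constructed sample tree, baselines it, then simulates a tamper
# (one file overwritten, one file dropped in) and checks that the clean tree
# passes and the tampered tree fails. Returns 0 on the expected outcome.
demo() {
    tree=$(mktemp -d)
    base=$(mktemp)
    mkdir -p "$tree/usr/bin"
    printf 'original binary\n'  > "$tree/usr/bin/ls"    # constructed sample
    printf 'original library\n' > "$tree/usr/bin/libc"  # constructed sample
    make_baseline "$tree" "$base"
    verify_baseline "$tree" "$base" > /dev/null || return 2   # clean tree must pass
    printf 'tampered\n'   > "$tree/usr/bin/ls"     # simulated overwrite
    printf 'dropped in\n' > "$tree/usr/bin/extra"  # simulated new file
    if verify_baseline "$tree" "$base" > /dev/null; then
        return 3                                    # tamper went undetected
    fi
    rm -rf "$tree" "$base"
    return 0
}

# Usage on a real system (paths are placeholders):
#   make_baseline /usr /mnt/readonly/usr.baseline     # once, from a known-good state
#   verify_baseline /usr /mnt/readonly/usr.baseline   # later, from live media if possible
demo && echo "demo: tamper detected as expected"
```

The point of the design is where the trust lives: the baseline is the reference, not anything the running system can report about itself, which is why it belongs on media the host cannot write. Running the verification from a boot medium rather than from the installed system removes the remaining gap (a kernel or library on the host that hides the modified files from the scan). It does not address the initrd concern raised in the thread, which is about code that runs before any such check can.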
                  • #10
                    Originally posted by DanglingPointer:
                    Meh... stick to your window$... not sure why you're on these forums!

                    No problems with distros, if anything happens to "initrd" to any of those distros you mentioned, AND it affects a paying Canonical customer or IBM/RedHat customer or bank... It gets clamped down quite quick.

                    You're spreading fake news really, from a window$ emotional lubber.

                    Does Lennart Poettering ring a fucking bell for you? Just a few weeks ago he talked about exactly the same fucking "fake news": https://0pointer.net/blog/brave-new-...oot-world.html

                    After dealing with Linux users I want to vomit hard. The worst fan base of anything I've ever dealt with. Denying issues, lying through their teeth about issues, telling you to "fuck off" when you expose Linux for what it is.
