[Rspamd-Users] Avast antivirus - IO timeout

G.W. Haywood rspamd at jubileegroup.co.uk
Fri Mar 15 15:57:51 UTC 2024 

Hi there,

On Fri, 15 Mar 2024, Tomasz Kaźmierczak wrote:
> ...
> in other case i use CLAMAV - its really great.
> 
> in this case, the client requires one of the commercial AV.
>
> i'm testing:
>
> - F-Secure Atlant (successor GateKeeper) by ICAP - write to support for help
>
> - Avast - timeout error

Here are my results for the most recent approximately 500 malicious
emails sent to addresses at my business and scanned by Jotti's very
useful malware scanner (https://virusscan.jotti.org/):

8<----------------------------------------------------------------------

   YES     NO      %  VENDOR (alphabetical)
--------------------------------------
    84    418     17  anti-virus.by
   367    131     74  avast.com
   335    167     67  bitdefender.com
    15    487      3  clamav.net
   245     58     81  cyren.com
   234    268     47  drweb.com
   334    167     67  escanav.com
    59     75     44  eset.com
     9    141      6  f-prot.com
   263    236     53  f-secure.com
   421     77     85  fortinet.com
   352    144     71  gdatasoftware.com
   296    205     59  ikarussecurity.com
    65    435     13  k7computing.com
   180     87     67  kaspersky.com
   169    117     59  sophos.com
    22    480      4  trendmicro.com 
--------------------------------------
  3450 + 3693 = 7143 total tests
--------------------------------------

   %   VENDOR (sort by detection rate)
--------------------------------------
84.5  fortinet.com 
80.9  cyren.com 
73.7  avast.com 
71.0  gdatasoftware.com 
67.4  kaspersky.com 
66.7  bitdefender.com 
66.7  escanav.com 
59.1  sophos.com 
59.1  ikarussecurity.com 
52.7  f-secure.com 
46.6  drweb.com 
44.0  eset.com 
16.7  anti-virus.by 
13.0  k7computing.com
  6.0  f-prot.com
  4.4  trendmicro.com
  3.0  clamav.net

8<----------------------------------------------------------------------

You can probably see why your client doesn't want to use ClamAV.  Of
the two which you are testing, my results indicate that Avast is much
better than F-Secure.  However you do need to keep in mind that these
tests are (1) only on mail and (2) only on mail sent to my business.
I have no information of similar quality for scanning filesystems.

You should also keep in mind that even on a good day, 15% of the mail
carrying malicious payloads will get past *all* avaialble anti-virus
packages.  So you can't rely on anti-virus alone.  If you do, it is
inevitable that malware will get past your defences.

All the malicious emails above were detected by my own milter, but I
do have the luxury of making the rules here.

HTH

-- 

73,
Ged.

More information about the Users mailing list