[Rspamd-Users] Avast antivirus - IO timeout

Carsten Rosenberg cr at ncxs.de
Fri Mar 15 16:18:35 UTC 2024



On 15.03.24 16:57, G.W. Haywood wrote:
> Hi there,
> 
> On Fri, 15 Mar 2024, Tomasz Kaźmierczak wrote:
>> ...
>> In other cases I use CLAMAV - it's really great.
>>
>> In this case, the client requires one of the commercial AV.
>>
>> I'm testing:
>>
>> - F-Secure Atlant (successor GateKeeper) by ICAP - write to support 
>> for help
>>
>> - Avast - timeout error
> 
> Here are my results for the most recent approximately 500 malicious
> emails sent to addresses at my business and scanned by Jotti's very
> useful malware scanner (https://virusscan.jotti.org/):
> 
> 8<----------------------------------------------------------------------
> 
>    YES     NO      %  VENDOR (alphabetical)
> --------------------------------------
>     84    418     17  anti-virus.by
>    367    131     74  avast.com
>    335    167     67  bitdefender.com
>     15    487      3  clamav.net
>    245     58     81  cyren.com
>    234    268     47  drweb.com
>    334    167     67  escanav.com
>     59     75     44  eset.com
>      9    141      6  f-prot.com
>    263    236     53  f-secure.com
>    421     77     85  fortinet.com
>    352    144     71  gdatasoftware.com
>    296    205     59  ikarussecurity.com
>     65    435     13  k7computing.com
>    180     87     67  kaspersky.com
>    169    117     59  sophos.com
>     22    480      4  trendmicro.com
> --------------------------------------
>   3450 + 3693 = 7143 total tests
> --------------------------------------
> 
>    %   VENDOR (sort by detection rate)
> --------------------------------------
>  84.5  fortinet.com
>  80.9  cyren.com
>  73.7  avast.com
>  71.0  gdatasoftware.com
>  67.4  kaspersky.com
>  66.7  bitdefender.com
>  66.7  escanav.com
>  59.1  sophos.com
>  59.1  ikarussecurity.com
>  52.7  f-secure.com
>  46.6  drweb.com
>  44.0  eset.com
>  16.7  anti-virus.by
>  13.0  k7computing.com
>   6.0  f-prot.com
>   4.4  trendmicro.com
>   3.0  clamav.net
> 
> 8<----------------------------------------------------------------------
> 
> You can probably see why your client doesn't want to use ClamAV.  Of
> the two which you are testing, my results indicate that Avast is much
> better than F-Secure.  However you do need to keep in mind that these
> tests are (1) only on mail and (2) only on mail sent to my business.
> I have no information of similar quality for scanning filesystems.
> 
> You should also keep in mind that even on a good day, 15% of the mail
> carrying malicious payloads will get past *all* available anti-virus
> packages.  So you can't rely on anti-virus alone.  If you do, it is
> inevitable that malware will get past your defences.


For business needs it's good to combine at least 2 independent vendors to
cover a good portion of new samples.

And for ClamAV: add Sanesecurity and in particular Securiteinfo extra
signatures and try again :)

> 
> All the malicious emails above were detected by my own milter, but I
> do have the luxury of making the rules here.
> 
> HTH
> 


Carsten

