antivirus recommendation other than clam av?

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

antivirus recommendation other than clam av?

Post by tochi » 2015-08-04 00:10

Currently we use ClamAV but the detection rate is miserable. Our users received many virus emails every day. Fortunately SpamAssassin catches the majority of them and moves them into the spam folder. I'm wondering what effective antivirus software you are using? Commercially free is ideal, but a product with a less expensive price is also acceptable. It must be compatible with Windows Server 2012 R2 64-bit.

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-08-04 01:02

Apparently Avast actually have a business edition that is free to use: https://www.avast.com/avast-for-business
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

mattg
Moderator
Posts: 20796
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: antivirus recommendation other than clam av?

Post by mattg » 2015-08-04 11:12

I'm a big fan of Avast
I even pay extra for their premium offer... (still cheaper than $ymantec and much better to boot)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

MikeLim
New user
Posts: 16
Joined: 2015-05-21 16:17

Re: antivirus recommendation other than clam av?

Post by MikeLim » 2015-08-11 15:12

Thanks for the note about Avast for Business.


Regarding ClamAV, you can supplement it with additional signatures.
We are using https://www.securiteinfo.com/services/i ... amav.shtml and http://sanesecurity.com/. They help improve the malware detection rate and also include anti-spam features.

vito8
New user
Posts: 2
Joined: 2015-09-02 04:31

Re: antivirus recommendation other than clam av?

Post by vito8 » 2015-09-02 04:40

I can only advise that I have personally used Kaspersky for years. Never had virus problems.

vito8
New user
Posts: 2
Joined: 2015-09-02 04:31

Re: antivirus recommendation other than clam av?

Post by vito8 » 2015-09-08 02:57

More info about the antivirus comparison http://pc4u.org/best-antivirus-for-windows/

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-09-09 10:57

Good to see that BITDEFENDER (which has been my choice for pc protection on our workstations) is more or less equal Top performer or certainly performs extensively and has a good report with all the independent tests. Note should be taken that Clam is NOWHERE!!!

For interest in Avast: a poster has installed and tested it and reported his feedback here: viewtopic.php?p=178346#p178346

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: antivirus recommendation other than clam av?

Post by tochi » 2015-10-28 20:04

I've tried several antivirus software recently but none of them is good enough.

BitDefender and TrendMicro (for Server) don't have a command line scanner.
AVG File Server edition seems to have a memory leak issue. After running a full day of scanning, its UI became very slow and unresponsive. It also uses more than 1GB of memory, which is huge for an antivirus program. Avast Business Free works fine. However, both AVG and Avast could hardly detect any virus or malware when emails arrived. They could detect many of them hours later but it's too late.

Clam AV, on the other hand, works best with the help of SaneSecurity virus definitions. Though the detection rate is not impressive (I expect 90% more) it detects many. And it has kept running for more than 1 month without issue. Thank you MikeLim.

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-28 20:33

tochi wrote: both AVG and Avast could hardly detect any virus or malware when emails arrived. They could detect many of them hours later but it's too late.
Isn't that the case for all AVs though (even the best ones like Bitdefender and the like)? The greatest threat is the first 4 or 5 hours of the new virus becoming active as they proliferate with freedom as current definitions don't know about them. I've never seen any AV solution detect new viruses within this timeframe. (ClamAV, I have proven, without the SaneSecurity definitions to take MONTHS to add to definitions. I even have evidence of MS Defender just not detecting anything at all.....ever!).

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: antivirus recommendation other than clam av?

Post by tochi » 2015-10-28 22:31

Is ClamAv + SaneSecurity the only one which updates virus definitions every hour?

I am curious why people recommended AVs like avg, avast whose detection rate (for new incoming emails) is almost 0% ?

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-28 23:38

The question is really about both the frequency of the definition authors updating and providing new definitions AND the frequency of software performing an 'update of definitions check'.

Some AVs have the ability to set the update regularity from, say, every hour, to once a day at a fixed time whilst other software doesn't give that control at all (and is automatic/built in - Microsoft for example). Of course, irrespective of the frequency you set, if there are no updates to the definitions being WRITTEN by the authors then it's a waste of time checking every hour. So, which authors work on the updates around the clock? Thing is, if you look at the support pages of your chosen (main) solution provider they will all say they work on them around the clock. Which is fair enough. BUT they also rely on the public at some point identifying and reporting the infections in the first place. So they may well man the 'definition update desk' for 24 hours a day, and you may set your software to do a check for an update to download every hour....but if no one bothers to tell the AV providers about the new infection and report back the sample then it will be a 24 hour desk of watching X Factor whilst still waiting for something to come in (and that doesn't stop any new viruses).

If I understand correctly, Clam DEFAULT updates are daily (although you can set them to be hourly), and aren't the SaneSecurity updates controlled by a Scheduler Task that you define yourself? As for Clam definitions, I think it's just 2 people mainly doing them (if you view their definition DB mailing list) and they have a day job therefore subject to working only during office hours. I can't speak for Sane but suspect they also rely on a regular office-hour for doing the definition updates so any virus released at midnight their local time probably has a good 9 hours MINIMUM freedom of destroying PCs before there is a risk of them being analysed and having an antidote written.

Therefore.......
tochi wrote: I am curious why people recommended AVs like avg, avast whose detection rate (for new incoming emails) is almost 0% ?
....I don't believe any AV is better than another in detection of a newly released virus...as long as the definition of "New" in these terms means about 6 hours. After that time, then one can start judging by response time and efficacy as to what solution is better than the next. And that is where we start to judge for preference and choices.

p.s I just had a quick look on AVG website. Quote:
"Priority Updates Pro

Delivers real-time security updates to you the moment they’re available so you’re better protected against 0-day threats."
Even they talk in DAYS rather than HOURS being best available for update speed (albeit Zero day). It's the first HOURS in the first day that the damage is done.

(By the way, my home laptop uses Avira and they say:
"Our Protection Cloud is our early warning system, which analyzes unknown files in the cloud –
anonymously – from millions of users, to protect you from zero-day threats as they emerge in real time. "
)

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-29 00:29

tochi wrote: BitDefender and TrendMicro (for Server) don't have command line scanner.
You sure Bitdefender doesn't have a command line scanner?

http://forum.bitdefender.com/index.php?showtopic=34558
"Please run bdc.exe /? in Command Prompt and you will have there all the parameters from the command line scanner."
And here is how to do things properly: http://forum.bitdefender.com/index.php? ... st&p=74039 (although I haven't actually read it)

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: antivirus recommendation other than clam av?

Post by tochi » 2015-10-29 00:52

jimimaseye wrote:
tochi wrote: BitDefender and TrendMicro (for Server) don't have command line scanner.
You sure Bitdefender doesnt have command line scanner?

http://forum.bitdefender.com/index.php?showtopic=34558
Please run bdc.exe /? in Command Prompt and you will have there all the parameters from the command line scanner.
And here is how to do things properly: http://forum.bitdefender.com/index.php? ... st&p=74039 (although I havent actually read it)
That's back in 2011, four years ago. BitDefender has removed the command line scanner from Windows products, at least for Windows Server. It's confirmed by BitDefender sales support.

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-29 01:00

Oh right. Ta for that. Official then. Shame.

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: antivirus recommendation other than clam av?

Post by tochi » 2015-10-29 01:03

Proofpoint claims they have Zero-Hour Threat Detection ability but it must be very expensive.

I couldn't believe the donation-supported 'product' (it's not even a standalone product) is the best I can have. According to my experience, SaneSecurity does update virus definitions hourly. I have scheduled a job to retrieve definitions every hour. And it excels in terms of email virus detection rate.

katip
Senior user
Posts: 748
Joined: 2006-12-22 07:58
Location: Istanbul

Re: antivirus recommendation other than clam av?

Post by katip » 2015-10-30 06:02

try here to see which AV was the first in detecting a certain malware/virus.
http://www.virustotal.com/
one which was the first for virus A is the last for virus B or still unaware of it at all while the other one the opposite.
there is no best AV in terms of update speed IMHO.
Katip
--
HMS 5.7.0 x64, MariaDB 10.4.10 x64, SA 3.4.2, ClamAV 0.101.2 + SaneS

mattg
Moderator
Posts: 20796
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: antivirus recommendation other than clam av?

Post by mattg » 2015-10-30 06:57

katip wrote:there is no best AV in terms of update speed IMHO.
No, but there are some that are simply terrible in terms of system slowdown, and in virus detection

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-30 09:25

I just posted up to virustotal a known virus file that I have in storage to see who was best.

File
SHA256: 838c54c167995aa79d7e8a70ef814f9cd60fc0f0ec99ba0f62067440fee1273a
File name: contention_111924953056769_6STQZ57.rar
Detection ratio: 42 / 55
Analysis date: 2015-10-30 07:06:38 UTC ( 3 minutes ago )
Of all those that have detected it as a virus, 1 of those first recognised it on 18th June and then all others were showing on 21st June.

NO SURPRISE, though, that even on a rescan CLAM doesn't detect it at all! (still thinks it's 4 months later)

(and no mention of 'proofpoint')

jimimaseye
Moderator
Posts: 8537
Joined: 2011-09-08 17:48

Re: antivirus recommendation other than clam av?

Post by jimimaseye » 2015-10-30 13:50

Received a new virus (Word DOC+Macro) today at 9:56am. At 11:34 I checked VirusTotal to see who has identified it (https://www.virustotal.com/en/file/b5fe ... 446204850/):

Analysis date:   2015-10-30 11:34:28
Detection ratio: 5 / 55

AVware                LooksLike.Macro.Malware.gen!d3 (v)  20151030
Arcabit               HEUR.VBA.Trojan                     20151030
F-Secure              Trojan:W97M/MaliciousMacro.GEN      20151030
TrendMicro-HouseCall  W2KM_DRIDEX.YYSOQ                   20151030
VIPRE                 LooksLike.Macro.Malware.gen!d3 (v)  20151030

Only 5 out of 55. There are your ZERO-HOUR protectors! (although technically that's more like TWO hours). All others still declaring the file as safe.

tochi
Senior user
Posts: 278
Joined: 2015-07-28 22:55

Re: antivirus recommendation other than clam av?

Post by tochi » 2015-11-10 00:48

My compliments to SaneSecurity (virus db addon for ClamAV). After adding badmacro.ndb and foxhole databases (foxhole_generic.cdb and foxhole_filename.cdb), the detection rate is more than 90% with very few false positives.
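
A check for the setup discussed in this thread, as an added example that is not part of any poster's message: since detection depends on the hourly definition job actually running, this script reports whether the three SaneSecurity databases named above are present, non-empty and recently changed. The database directory and the age threshold are assumptions supplied by the caller; the demo uses a constructed temporary directory, not real signature files.

```python
import os
import tempfile
import time

# Third-party database files named in the thread.
EXPECTED_DBS = ("badmacro.ndb", "foxhole_generic.cdb", "foxhole_filename.cdb")


def check_signature_dbs(db_dir, max_age_hours, now=None):
    """Return {filename: status}; status is 'ok', 'missing', 'empty' or 'stale'.

    'stale' means the file has not changed for more than max_age_hours.
    That reflects both how often the authors publish and how often the
    local job fetches, so the threshold is a site-specific assumption.
    """
    now = time.time() if now is None else now
    report = {}
    for name in EXPECTED_DBS:
        path = os.path.join(db_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"
            continue
        st = os.stat(path)
        if st.st_size == 0:
            report[name] = "empty"  # truncated or failed download
        elif now - st.st_mtime > max_age_hours * 3600:
            report[name] = "stale"
        else:
            report[name] = "ok"
    return report


def demo():
    """Run the check on a constructed directory (placeholder files only)."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        fresh = os.path.join(d, "badmacro.ndb")
        old = os.path.join(d, "foxhole_generic.cdb")
        for p in (fresh, old):
            with open(p, "w") as fh:
                fh.write("# constructed placeholder\n")
        # Pretend this file was last updated two days ago.
        os.utime(old, (now - 48 * 3600, now - 48 * 3600))
        # foxhole_filename.cdb is deliberately left absent.
        return check_signature_dbs(d, max_age_hours=6, now=now)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Run from the same scheduler as the download job, any status other than `ok` is the cue to look at the updater before the definitions fall further behind.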
