Page 1 of 1

clam antivirus - variations

Posted: 2017-11-18 15:57
by cijiro
Hi,
because I don't have clear mind about Clam antiviruses, I try to ask here, because I know, it's used by Hmail users here.

As I read here, it's recommended, to use clamd as service + clamwin + sanesecurity.

Is there any difference between ClamWin + clamd and ClamAV + clamd?
What is main difference between ClamWin and ClamAV? It looks by version and files simillar.

About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?

Thanks

Re: clam antivirus - variations

Posted: 2017-11-18 20:38
by jimimaseye
cijiro wrote:Hi,
Is there any difference between ClamWin + clamd and ClamAV + clamd?
No, not really. (Technically yes because Clamwin is still at 0.99.1 where ClamAV is not at 0.93 (I think) but the differences are minimal (can now handle Yara rules) and barely make a difference). But they both use the same definitons from the ClamAV default repository from ClamAV.
cijiro wrote:What is main difference between ClamWin and ClamAV? It looks by version and files simillar.
Clamwin has a nice windows GUI with shell context menu on demand scanning and system tray. Clamwin DOESNT run as a service and isnt multi-threaded therefore has to load itself (engine and defintions) every time a mail is passed to it and eats memory and process each time.

Clam is the opposite of the above two points.
cijiro wrote:About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?
Yes. Sane adds important and useful definition that actually work filling the holes that the Clam definitions miss. If you read my thread here yopu will see how useful they can be and how I got to the conclusion they were necessary to have a successful implementation of Clam.

Re: clam antivirus - variations

Posted: 2017-11-18 22:13
by mattg
cijiro wrote:Is there any difference between ClamWin + clamd and ClamAV + clamd?
jimimaseye wrote:...they both use the same definitons from the ClamAV default repository from ClamAV.
The same TERRIBLE definitions. CLAM (either one) couldn't catch a cold on it's own
cijiro wrote:What is main difference between ClamWin and ClamAV?
jimimaseye wrote: Clamwin DOESNT run as a service and isnt multi-threaded therefore has to load itself (engine and defintions) every time a mail is passed to it and eats memory and process each time.
+1
ClamWIN will kill a remotely busy server - don't use it, unless you use the ClamAV service as described in that thread.
cijiro wrote:About sanesecurity, I test it, get defs from clamwin, it has about 6milion knowns and then update with sanesecurity with default def list and it add only about 7000 defs, is it ok?
jimimaseye wrote:Yes. Sane adds important and useful definition that actually work filling the holes that the Clam definitions miss.
I'll go further. Without the SANE definitions, Clam would be useless. With SANE definitions it is the best product for catching Malware being spread via email.

Re: clam antivirus - variations

Posted: 2017-11-20 16:11
by topper
I'm still using this version of ClamAV, like this. It's easy to setup service, but only 0.98
CLAM.png
I had tried other version, but can't start service, I don't know why.

Re: clam antivirus - variations

Posted: 2017-11-20 17:16
by jimimaseye
Clamwin 0.99.1 (latest available) and Clamd 0.99.1: viewtopic.php?p=186601#p186601

viewtopic.php?f=21&t=26829

Re: clam antivirus - variations

Posted: 2017-11-21 04:28
by topper
I had upgraded to 0.99.1, download from Sourceforge.

By Cisco Systems, Inc.?
20171121101711.png
This version using RunAsSvc.exe to setup clamd.exe, It's more easy to use
20171121102058.png
20171121102058.png (8.5 KiB) Viewed 1477 times

Re: clam antivirus - variations

Posted: 2017-11-21 09:34
by jimimaseye
ClamAV For Windows is also available from ClamAV, yes. It will do the same thing. However, it does not have the frontend GUI of Clamwin and it is not compatible with the Clamwin installation. The tutorial above is specific to those that wish to have Clamwin and the service living together.