One example, from my experience ... On May 16 I scanned a downloaded zipped e-mail attachment with ClamWin and found Worm.Bagle.BB.
I sent e-mail with the infected attachment to my e-mail addresses at Yahoo and Hotmail and tried to download it from each of them for testing purpose. Before downloaded the attachment Yahoo Mail scanned it with Norton AntiVirus 2005. Microsoft Hotmail scanned it with Trend Micro. Finally I scanned infected zip file with AntiVir. None of them found Worm.Bagle.BB.
They detected it only few days later.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It depends on how you classify them. Some AV companies classify them by family, some classify them by signature. Some include other malware in their definitions files... there's no "official" standards. Always use two antivirus programs (not at the same time, of course!!) - no one AV program will ever detect all the viruses out there, as ponocnjak's example shows...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
A normal comerical antivirus includes file fixing. This requires more exact matching.
Ie if clamav detects it no extra sig required. Now if you are removing a virus and its slighty differnet you may required a different sig so you use the right removal methord.
In some cases 1 sig for clamav can require in some cases 20 or more sig in a comerical.
Now when you class hack tools and malware. The annoying thing is Nortons deleting my cmos cleaning tools. Just because it has a sig for it.
55% is about what the two different methrod work out to.
Wondering about the 5% boot sector viruses something clamav does not scan for at all. New ones of this are not that common.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
i know there are more than 80,000 viruses more or less, but when i installed ClamWin the database show only 40,000 viruses known, more or less
why?
One example, from my experience ... On May 16 I scanned a downloaded zipped e-mail attachment with ClamWin and found Worm.Bagle.BB.
I sent e-mail with the infected attachment to my e-mail addresses at Yahoo and Hotmail and tried to download it from each of them for testing purpose. Before downloaded the attachment Yahoo Mail scanned it with Norton AntiVirus 2005. Microsoft Hotmail scanned it with Trend Micro. Finally I scanned infected zip file with AntiVir. None of them found Worm.Bagle.BB.
They detected it only few days later.
It depends on how you classify them. Some AV companies classify them by family, some classify them by signature. Some include other malware in their definitions files... there's no "official" standards. Always use two antivirus programs (not at the same time, of course!!) - no one AV program will ever detect all the viruses out there, as ponocnjak's example shows...
A normal comerical antivirus includes file fixing. This requires more exact matching.
Ie if clamav detects it no extra sig required. Now if you are removing a virus and its slighty differnet you may required a different sig so you use the right removal methord.
In some cases 1 sig for clamav can require in some cases 20 or more sig in a comerical.
Now when you class hack tools and malware. The annoying thing is Nortons deleting my cmos cleaning tools. Just because it has a sig for it.
55% is about what the two different methrod work out to.
Wondering about the 5% boot sector viruses something clamav does not scan for at all. New ones of this are not that common.
It uses the same database as Clam AV. www.clamav.net
how many of these claimed 80000 are active now?
clamav database is constantly growing and definitely covers the new viruses.
see this news article:
http://sourceforge.net/forum/forum.php?forum_id=489147