Non-authoritative scan results of BitDefender, ClamAV and F-prot

Posted 07-01-2009 at 08:35 PM by unSpawn
Tags antivirus

As before, here are some results of running BitDefender, ClamAV and F-prot on over 11K files containing rootkits, LKMs and other goodies. Because of what I do, most of the files are GNU/Linux related. (I run AV the way a pentester would run Metasploit against a networked entity.) I'm well aware of the AV-on-GNU/Linux-yes-or-no debate and this is not the place to go into that: search LQ or open up a thread if you need to discuss validity.

The commercial AV market is kind of an odd place (to put it politely), and products that don't (have the inclination, licensing or resources to) play along, well, show it. That doesn't mean I don't respect the ClamAV developers for what they've brought us in terms of OSS. The only thing I hope these results emphasise is that you should make your own informed decision. This goes especially for those who choose to promote just one product without realising the effects of doing so.

Files scanned:
BDC: 65525
F-prot: 65253
ClamAV: 220

Infected found:
BDC: 1641 (0 suspects)
F-prot: 1158 (19 files with errors)
ClamAV: 19

Old rootkit material:
sauber (T0rnkit), modhide.o (Knark), relink (Adore)
BDC: Y Y Y
F-prot: Y Y Y
ClamAV: N N N

2.6 LKMs: Override, Intoxonia-NG, EnyeLKM, Mood-NT:
BDC: N N N N
F-prot: N N N N
ClamAV: N N N N

Misc: boxer (obfuscated ELF), OSXrk (Mac), Fbrk (BSD), Vlogger (keylogger):
BDC: N Y Y Y
F-prot: N Y Y Y
ClamAV: N N N N

Malware: PHP mass mailer, r57shell, C99Shell, C99Shell other version, I-Frame Trojan:
BDC: Y Y Y Y Y Y
F-prot: Y Y Y Y Y Y
ClamAV: N N N N N Y

App/engine version info:
BDC: v7.90123 Linux-i586
F-prot: version 6.2.1.4252, engine version: 4.4.4.56
ClamAV: 0.95.2/9532

Commandline:
BDC: --action=ignore --recursive-level=100 --archive-level=100 --no-list
F-prot: --boot --follow --mount --maxdepth=60 --heurlevel=3 --archive=10 --adware --applications --verbose=2
ClamAV: --verbose --remove=no --tempdir=/dev/shm --detect-pua=yes --detect-structured=yes --scan-mail=yes --phishing-scan-urls=yes --heuristic-scan-precedence=yes --algorithmic-detection=yes --scan-pe=yes --scan-elf=yes --scan-ole2=yes --scan-pdf=yes --scan-html=yes --scan-archive=yes --detect-broken=yes --block-encrypted=no --mail-follow-urls=no

Scan time (MM:SS):
BDC: 05:56
F-prot: 01:52
ClamAV: 40.85 (seconds)
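The Y/N tables above were tallied by hand. As an added example (mine, not unSpawn's tooling and not part of the original post), here is a small Python script that builds the same kind of cross-engine matrix from scanner logs: it parses clamscan's stock per-file lines ("<path>: <signature> FOUND" / "<path>: OK"), and for the other two engines it assumes a hypothetical tab-separated "<path>\t<signature>" listing that you would derive from their native logs. The scanner outputs, sample paths and signature names below are constructed for illustration.

```python
import re

# clamscan's stock per-file lines look like "<path>: <signature> FOUND" or "<path>: OK";
# the trailing "SCAN SUMMARY" block uses neither form and is ignored by the regex.
CLAMSCAN_FOUND = re.compile(r"^(?P<path>.+?): (?P<sig>.+) FOUND$")


def parse_clamscan(output: str) -> dict:
    """Map each path clamscan flagged to its signature name."""
    hits = {}
    for line in output.splitlines():
        m = CLAMSCAN_FOUND.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits


def parse_tabbed(output: str) -> dict:
    """Hypothetical '<path>\\t<signature>' listing, one detection per line.
    Assumption: BDC / F-prot logs have been pre-converted to this shape; it is not their native format."""
    hits = {}
    for line in output.splitlines():
        if "\t" in line:
            path, sig = line.rstrip().split("\t", 1)
            hits[path.strip()] = sig.strip()
    return hits


def comparison_matrix(samples, results):
    """results: {engine: {path: signature}} -> {sample: {engine: 'Y' or 'N'}}, like the tables above."""
    return {s: {engine: ("Y" if s in hits else "N") for engine, hits in results.items()}
            for s in samples}


def detection_counts(samples, results):
    """Per-engine number of samples flagged, restricted to the sample list."""
    return {engine: sum(1 for s in samples if s in hits) for engine, hits in results.items()}


def missed_by_all(samples, results):
    """Samples no engine flagged: the ones worth a manual look or a signature submission."""
    return [s for s in samples if not any(s in hits for hits in results.values())]


def render(samples, results) -> str:
    """Plain-text matrix, one row per sample, one column per engine."""
    engines = list(results)
    matrix = comparison_matrix(samples, results)
    lines = ["sample".ljust(24) + " ".join(e.ljust(8) for e in engines)]
    for s in samples:
        lines.append(s.ljust(24) + " ".join(matrix[s][e].ljust(8) for e in engines))
    return "\n".join(lines)


# Constructed sample corpus and logs (not real scan output).
SAMPLES = ["/corpus/sauber", "/corpus/modhide.o", "/corpus/relink",
           "/corpus/override.ko", "/corpus/c99.php"]

CLAMSCAN_OUT = """\
/corpus/sauber: OK
/corpus/modhide.o: OK
/corpus/relink: OK
/corpus/override.ko: OK
/corpus/c99.php: PHP.Example.Shell FOUND

----------- SCAN SUMMARY -----------
Scanned files: 5
Infected files: 1
"""

BDC_OUT = ("/corpus/sauber\tExample.T0rnkit\n/corpus/modhide.o\tExample.Knark\n"
           "/corpus/relink\tExample.Adore\n/corpus/c99.php\tExample.C99\n")
FPROT_OUT = BDC_OUT  # constructed: same detections as BDC for this toy corpus

RESULTS = {
    "BDC": parse_tabbed(BDC_OUT),
    "F-prot": parse_tabbed(FPROT_OUT),
    "ClamAV": parse_clamscan(CLAMSCAN_OUT),
}

if __name__ == "__main__":
    print(render(SAMPLES, RESULTS))
    print("detections:", detection_counts(SAMPLES, RESULTS))
    print("missed by all:", missed_by_all(SAMPLES, RESULTS))
```

Feeding it real logs means replacing the constructed strings with the output of each scanner run over the same corpus; the "missed by all" list is the useful by-product, since those are the files no engine in the set gives you any coverage for.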