
A list of all the tested products.
For each manufacturer that has been tested, you can see how its scanner performs on the malware sample collection I have.


ALWIL software avast! antivirus AVA
Number of descriptions in the database: 150336 out of 106624 live samples ( 141 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: avastcmd -a -c -i -t A -r ${LOGFILE} ${WORKDIR}
avastcmd v3.0.1
libavastengine v4.7.1

There seem to be some misunderstandings about this scanner. It is in fact the latest scanner for Linux, and one should not make any assumptions based on the version number you see with the Windows version.

While not the best product around, it does reasonably well in these tests. The latest update of the library took care of the segmentation faults I had with some samples. Their tech support is among the most responsive I have experienced with all of these scanners.

AVIRA Desktop for UNIX AVR
Number of descriptions in the database: 137350 out of 106624 live samples ( 128.8 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: avira --allfiles -z --heur-macro -ro -r1 -rf${LOGFILE} --alltypes ${WORKDIR}
AntiVir / Linux Version 2.1.10-15

This scanner was also found under other names in the past. The VGREP database still lists them as H+BEDV, but the name transition was completed quite some time ago.

Bitdefender/Linux-Console BDC
Number of descriptions in the database: 106657 out of 106624 live samples ( 100 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: bdc --all --files --arc ${WORKDIR} | tee ${LOGFILE}
BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53)

BitDefender Linux Edition v7 is a freeware product.

The results in these tests just keep them in the top 5 of the scanners tested. All in all, a very nice product to have if you want to add a scanner to your Linux system.

Clam AntiVirus CLAM
Number of descriptions in the database: 94108 out of 106624 live samples ( 88.3 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: clamscan --detect-pua --log=${LOGFILE} ${WORKDIR}
Clam AntiVirus Scanner 0.91.2

ClamAV is free software both in the meaning of 'free beer' and 'free speech'.

While ClamAV does not rate top of the bill, it is the only truly free scanner. If one considers that this team works on ClamAV beside a normal job or study, the results are not bad at all. They have improved their standing in these tests considerably over the past two years. But at present I would not trust ClamAV to be the only malware scanner. On the other hand, they have the highest rating on phishing attacks as far as I can tell.

At present combining ClamAV and F-Prot results in a cheap Linux solution for home users with a great detection rate if you use amavisd.

Doctor Web Ltd, Dr.Web (R) for Linux DrW
Number of descriptions in the database: 84846 out of 106624 live samples ( 79.6 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: drweb -al -ar -cn -adw -dls -jok -rsk -hck -up -ha -log=${LOGFILE} -path=${WORKDIR}
Dr.Web (R) Scanner for Linux v4.33

F-PROT ANTIVIRUS for Linux FP
Number of descriptions in the database: 99770 out of 106624 live samples ( 93.6 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: f-prot -ai -archive=5 -collect -packed -server -report=${LOGFILE} -dumb ${WORKDIR}
F-PROT ANTIVIRUS Program version: 4.6.7 Engine version: 3.16.15

F-Prot Antivirus for Linux Workstations is free when used by personal users on personal workstations.

Both reasonably fast and with a very good score. It does not detect spyware/adware but it is a very good virus detector.

At present combining ClamAV and F-Prot results in a cheap Linux solution for home users with a great detection rate if you use amavisd.

Kaspersky On-Demand Scanner for Linux KAV
Number of descriptions in the database: 53689 out of 106624 live samples ( 50.4 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: kavscanner -o${LOGFILE} -i0 ${WORKDIR}
Kaspersky Anti-Virus On-Demand Scanner for Linux. Version 5.5.27/RELEASE build #15, compiled Feb 28 2007, 18:27:40

Kaspersky seems to have serious problems in detecting samples. I have asked others to take random snapshots of my collection and they confirmed my findings. On Linux it seems Kaspersky is not doing too well at all.

McAfee Virus Scan for Linux McA
Number of descriptions in the database: 108481 out of 106624 live samples ( 101.7 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: uvscan --analyze --mime --noboot --norename --program --unzip ${WORKDIR} | tee ${LOGFILE}
Virus Scan for Linux v5.10.0
Scan engine v5.1.00 for Linux.

While an old program, it is still updated well enough to rate among the top 3 in these tests. They have been in this business for quite some time and it shows.

Sophos SWEEP virus detection utility SOP
Number of descriptions in the database: 113340 out of 106624 live samples ( 106.3 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: /sweep -sc -f -all -nb -p=${LOGFILE} -archive ${WORKDIR}
SWEEP virus detection utility Version 4.19.0 [Linux/Intel]

VirusBlokAda Vba32 VBA
Number of descriptions in the database: 116454 out of 106624 live samples ( 109.2 %)
Number of 'in the wild' descriptions in the database: 0 out of 0 live samples (N/A)

Commandline: vbacl ${WORKDIR} -af+ -rw+ -ha=3 -r=${LOGFILE} -ar+ -ml+
VirusBlokAda (Console scanner) Vba32 Linux 3.12.0.2 Program settings: -r=/home/virus/vba32.lst -sfx -ha=3 -pd+ -af+ -ha+ -ar+ -qu+ -ok+ -ml+ -rw+