Local Tech Repair: ClamWin and Clam Sentinel Review on Windows XP

Monday, July 11, 2011


ClamWin is a version of ClamAV for Windows. ClamWin itself does not have active protection; this is where Clam Sentinel comes in, providing active protection using the Clam definition database. This test tries out Clam to see if it really holds up to some of the things that viruses can throw at it, and whether it is worth even trying.


The viruses came from a list of links to sites hosting real viruses.


While visiting these sites and allowing the ActiveX controls to run on all of them, I never received any popups warning me of possible infections, or any warnings at all, on a default install. This could possibly have been fixed if I had turned on warn on suspicious activity, though this is not turned on by default. After trying to run Spybot, Malwarebytes, and SUPERAntiSpyware in normal mode, and all of them being killed by the viruses, I decided to try safe mode to see if it made any difference. It did not.

Detection rate for ClamWin in default mode is 0%.


To see if Clam would pick up any of them, I tried running it under Hiren's Boot CD to see if the definitions would work. Under Hiren's Boot CD, ClamWin was able to find 1 virus after a ~31 min scan of a 10 GB hard drive. By comparison, Avira picked up 5 in 9 mins from Hiren's Boot CD, and SUPERAntiSpyware found 5 more on top of that in 14 mins. ClamWin is not an effective virus protection: it could not prevent any viruses from being installed, and it could barely find any when there were some.

My rating of this small virus scanner is a complete fail for both boot scanning and active Windows scanning.

5 comments:

  1. Did you properly install Clam Sentinel? ClamWin must be installed/configured before Sentinel is installed.

    Did you properly configure Clam Sentinel? You must select to run Sentinel upon Startup. You must also select to either quarantine or report detected malware. You must select to monitor the system for new malware (the recommendation is to detect suspicious files only-not to include the numerous notices of system changes). You must also make sure to monitor drive C at least.

    I visited several of your referenced sites, and my fully-configured Clam Sentinel detected one drive-by download and quarantined it.

    Finally, what did you do with the malware at those web sites? Sentinel's heuristics work best when malware is executed and starts its infection. The heuristics may not activate if you just download a file to a download directory, and if there is no ClamWin signature, it will not be detected until execution.

    Clam Sentinel should detect approximately 60% of new Windows PE file malware. This puts it in the same category as some of the AVs presently on the Virus Total online scanner site.

    Finally, I noticed that Avira AntiVir did not do well on your test. This is hard for me to believe, since I regard it very highly. This leads me to conclude that you may not be properly configuring the AV programs that you use.

    Regards,

    Guitar Bob

  2. I know it is hard to believe, though I use default configurations, not any over the top. I am trying to test them as an average user would function them, not as a tech person would with more knowledge than some of the viruses even written. But thank you for the comment.

    With more configuration these tests would probably pick up more, but this still does not show. Even when Clam is run from a live CD it does not pick up more than 1. This shows how weak the definitions are, not the wrong configuration, since no matter what, a normal scan on a live CD will not be affected by currently installed viruses.


    To answer your questions, I did a default install and configure. Clam Sentinel did run on startup; C drive was being monitored. The thing is, during the test I did not scan after each site; I scanned (or tried to scan) after all sites were visited. Therefore Clam was already corrupted by the time we got to the scan, and Sentinel did not pick up on my passing.

    Another thing: all malware on the sites was installed as a general (or stupid) user would do. All virus scanners so far have had the exact same test done on them, and Clam so far is the only one to fail this bad. I am a fan of Clam and will be testing Immunet 3 later on, which also has Clam built in for offline scanning.

    But I stand by my results.

  3. If you used the default setting for Sentinel's heuristic system monitor, then Sentinel would only silently log suspicious files--the monitor would not quarantine them. The monitor comes with a default of Disable, but it is recommended that the user read the Sentinel Simple Guide to learn about monitor operation and change the option to Detect Suspicious Files Only. The third monitor option enables monitoring with complete system messages, which can be confusing for some users.

    With the system monitor activated, Sentinel will detect about 60% of any viruses that do what viruses normally do. Without enabling the system monitor, you are only testing ClamWin and its signatures. There is nothing real-time about that!

    Regards,

    Guitar Bob

  4. Thank you for your response. You are correct that there are better ways of configuring Clam Sentinel that are not the default install.

    There are user guides here for anyone else wondering: http://clamsentinel.sourceforge.net/

    But the average user is not going to take the time to go through many different tutorials on how to best configure their anti-virus software; they are just going to install and let the defaults run. The more tech savvy you are, the better results you will get out of any anti-virus. These tests, as I said, are testing default setups and not configured setups.

    This gives a realistic view of how well Clam will work with everyday users.

    Thank you for your concern, and I do agree with you that there are better ways to use Clam, which is what I use on my Windows 7 machine.

  5. Thank you for testing ClamWin and Sentinel.

    Regards,

    Guitar Bob
