On Thu, Jan 1, 2015 at 8:12 AM, Franklin Wang <franklin2...@y7mail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Of course, it's wonderful to know more friends with the same hobby. But > I wonder to know the answer about it for long. The virus db of clamav > may be the same on the several types of platforms, but the commercial > softwares maybe not. I copied a result of 'Day0 Summary' from > shadowserver.org a few days ago, as following:
Do note that overall "Anti-virus" is not just "mail filtering". ClamAV is aimed at examining content coming through a gateway, especially email, but is looking at what is inside the delivered packages. A full modern "anti-virus" package also includes checksum verification of critical system libraries and binaries, kernel monitoring for unexpected loadable modules, and examining local files already embedded viruses or trojans or rootkits, for out of date and thus vulnerable software, and for poor privilege management (such as unexpected suid programs or over-generous write access to /bin) *THAT* means different binaries and tools for different architectures.
