One Fast ClamOne Fast Clam

A lot of companies these days will try almost any kind of open-source software, including once-sacrosanct three-letter enterprise apps. Many of these people, however, still apply one big exception to their open-minded approach to open-source: anti-virus tools.

I sympathize with their dilemma. If they stick with McAfee, Symantec, or one of the other leading brands, they can rest easy knowing that hordes of highly-paid eggheads are fighting the Malware Wars so they don't have to.

And nothing screams "back off, black hat," like one of those spotless white lab coats

Yet all is not as it seems. Most people who know a bit about open-souce software have heard something about ClamAV. But have you heard enough to know just how good it is? If you have any doubt, read on, if only to hit some of the links below.

First, check out Adam Hyde's essay, first published next door at Messaging Pipeline, where I read it, grabbed it (or "repurposed," in polite company), and dragged it over here to LinuxLand with plans to attract a nice crowd of gawkers .

Hyde is a manager at Electric Mail, an email service provider that handles more than ten million messages a day for its clients. When the company's zero-tolerance policy towards malware sprung a few leaks, it fired the current pair of AV tools and tried out pretty much every proprietary tool that matters to the enterprise market. Plus, on the advice of the company's Unix geeks, he threw ClamAV into the mix to see whether it could swim.

As it turned out, ClamAV doesn't swim -- it flies. In Hyde's own tests, using two of the world's five top commercial AV products and 50 new virus variants, Clam AV was the first product to release a virus signature for new threats nearly 80 percent of the time.

Hyde also cites a PC WELT.de chart, based on June, 2005 response times to Sober.P, where ClamAV comes out on top. A PC Magazine study, performed in May, 2005 by AV-Test, shows essentially the same rankings, albeit with different times. Other data is available at AV-Test, an independent and highly regarded source of these types of malware comparisons.

Keep one important point in mind here: These results aren't coming from a lab with a full-time staff and lots of six-figure salaries. They're coming from thousands of user-submitted virus reports -- a process that, through some miracle, turns this globe-spanning stream of raw data into a malware detection system that works better than any commercial lab in business today.

For corporate anti-virus vendors -- remember the nice white coats? -- falling into line a few minutes behind ClamAV will provide some much-needed motivation, if they enjoy making things people will actually buy. As for those whose products sometimes caught up with ClamAV up to nine hours later (ahem!...symantec!) -- if you're reading this and you pay money for these products, are you angry yet?

Some of you, it seems, also agree with me on another point: It's time for the commercial AV vendors to get a grip and to quit shoveling the dangerously-close-to-FUD security hype. It was annoying before, and now it's embarrassing, as well.

And finally, there's the guest of honor at this party: Everyone who ever played a part in making ClamAV such a butt-kickin wonder should take tomorrow off. Tell your bosses I said so, and don' t take any lip from them.

By the way, if you're working with a passing familiarity with ClamAV, do yourself a huge favor: Check out the mind-boggling variety of platforms, configurations, and integration options available, including plenty of combinations that no proprietary package has come close to supporting for ages.

Even after a year of superlatives for various open-source products, ClamAV just might outdo them all. And it will do it in a corner of the software market where a lot of people assumed open-source products had no business setting foot.