
April 2008

April 23, 2008

ClamAV--Useful, Free Anti-Virus

ClamAV is an open source, free anti-virus tool, designed for email scanning on mail gateways.

It is owned by Sourcefire, which employs the ClamAV developers and provides commercial support for ClamAV.

The most important capability of an anti-virus product is the ability to remove a high percentage of viruses and to react rapidly to new ones.

A test by Untangle put ClamAV as one of the top three (along with Kaspersky and Symantec). This test generated a lot of controversy, with some arguing that the test methodology was flawed and others suggesting that commercial vendors are trying to suppress a free alternative.

A comment from AV-Comparatives, which provides independent testing, offers useful insight into why it does not include ClamAV in its standard list. AV-Comparatives notes that ClamAV is not designed or suitable for use on an end system, but is designed to detect spreading viruses, and has a very good response rate to new threats. This is confirmed in its report and other references on the net.

ClamAV detects phishing attacks, as well as conventional viruses and worms. During one day’s operation on the Isode servers, the following viruses and phishing attacks were detected:

  • Exploit.HTML.IFrame: 10 Time(s)
  • Exploit.WMF: 6 Time(s)
  • HTML.Phishing.Auction-144: 1 Time(s)
  • HTML.Phishing.Auction-222: 2 Time(s)
  • HTML.Phishing.Bank-1232: 1 Time(s)
  • HTML.Phishing.Bank-474: 18 Time(s)
  • HTML.Phishing.Pay-36: 1 Time(s)
  • W32.Sality.Q-1: 5 Time(s)
  • Worm.Mydoom.I: 1 Time(s)
  • Worm.Mydoom.M: 4 Time(s)
  • Worm.SomeFool.AA-2: 9 Time(s)
  • Worm.SomeFool.D: 1 Time(s)
  • Worm.SomeFool.P: 17 Time(s)
  • Worm.Stration.YY: 1 Time(s)
  • Worm.Womble.D: 8 Time(s)

The integration with an email gateway is straightforward and efficient. This is important for gateway/boundary use. A number of AV vendors are focusing on appliance and “complete solution” offerings, and either dropping or reducing support for integration with other products.

ClamAV is a good anti-virus option for boundary checking.

April 11, 2008

HF Radio & Network Centric Warfare

Modern military communications are a key component of Network Centric Warfare. HF Radios are used extensively for military communications and, although very slow, provide effective long-distance communication in a wide range of situations.

A new whitepaper on the Isode website looks at how HF Radio fits with Network Centric Warfare, and at approaches for integrating HF Radios to maximize their effectiveness.

"HF Radio & Network Centric Warfare"

April 04, 2008

Tricast Mail

We've blogged before about how important it is that mobile device manufacturers take seriously the user interface of the email clients that they ship with their phones (as Apple have done) and how their failure to do this so far has helped make retrieving and sending email on a phone an unattractive proposition.

We came across the Tricast Mail email client recently and this blog post (and the video of the interface half-way down) makes the v2 version of the client look rather special. Can't wait to try it out.

April 03, 2008

Instant Messaging and Presence for Secure Environments

Instant Messaging (IM) and Presence applications are now in wide use. In a new free-to-access whitepaper on the Isode website we consider their application in environments where security is of paramount concern, such as Government and Military deployments.

In particular the paper looks at:

  • Distributed deployment
  • Relationship to Directory
  • Security Labels and Clearance
  • Strong Authentication and Digital Signatures

The paper shows how an XMPP-based solution can address these areas and looks at the standards that need to be put in place to meet the security requirements discussed in the paper.

The first version of Isode's XMPP server, M-Link, was released with Isode R14.2 last month.

"Instant Messaging and Presence for Secure Environments" can be found here.