This is an answer to your message, but I still cannot send replies to a
thread with my Opera; I can only post new threads. Sorry for that.
First, I have to clear up one important thing: I am not in any way tied to
Bjarni's Sanitizer project.
I am only a user of his great tool, as you are. I do not use Sanitizer in
combination with F-Prot, either. (I would if I could, but for financial
reasons I use another antivirus program on a client machine, with which I
eventually scan the quarantine.) You can guess now that I would be most
glad if OpenAntivirus were a reliable solution.
And now my answers to your questions:
>> OpenAntivirus in its present state seems to be very-very far from being a
>> reliable solution.
>> What about virus definition files for it? How often are they released?
>> What about the detection of macro viruses?
> Are you speculating or speaking from experience or documentation?
This thread had given me the idea to have a look at OpenAntivirus. I had
visited the author's mailing list and I found that they were still debating
about fundamental things:
- what are the principles of preparing virus signatures; how to automate
that; if they could use the virus signatures of commercial virus scanners;
and so on.
At present they use search strings (patterns) for detection of viruses. They
themselves mention that this approach is not appropriate for detection of
viruses which come in source code (like all visual basic, vbscript or jscript
viruses). They cannot detect polymorphic viruses, either. Because of this,
they estimated that OpenAntivirus can theoretically detect some 80% of the
viruses (supposing that their virus signatures are always up-to-date).
So my speculation is based on the above facts.
I do not debate that OpenAntivirus can catch viruses. Actually it may catch
80% of them, which is great. But there is the other 20%, which I deem too
The question of virus signature updates: when a new e-mail virus begins its
life, the reputed antivirus programs' virus definition updates are available
in 2 or 3 days. Reading the mailing list, this question did not appear to me
as solved in the case of OpenAntivirus. It may even take weeks until the
virus definition file is updated in such cases. This delay is unaffordable.
Please consider: a new virus can spread most quickly in its first days or
weeks of life, when the antivirus programs cannot detect it as the
signatures are not available or careless users do not update them. So this is
a very critical period, and it is too long in the case of OpenAntivirus.
> I think you may have missed his point. His question was: could he use
> OpenAntivirus with Sanitizer vs. a commercial product?
I did not miss his point at all.
My answer to this question was between my lines:
No, Sanitizer with OpenAntivirus is not an alternative to commercial
solutions, if safety is a must.
But an adequately configured Sanitizer on the server and a good commercial
virus scanner on the administrator's machine are a real alternative, if cost
saving is important.