Panda Antivirus Platinum dutifully reminded me tonight that I have only 28 days to renew my subscription to their update service. Last year, I blindly renewed because I didn't want to take time out to look at my other options. Panda's product is a good one, though I had some problems with its firewall and update procedures. The firewall didn't like MMORPGs very well, especially if they had updated recently, which most do pretty often. Other network based games had similar problems, where Panda's attempt to bring up a warning about a program trying to access the network would crash, slow down, or at the very least interrupt a gaming session. The updates often had trouble connecting to Panda's servers, and frequently displayed messages about it, even though they would connect a few minutes or hours later successfully. So I decided it was time to look at alternatives. And being a bit of a cheapskate, I decided to look at open source (free) alternatives. This search brought me to the open source "ClamWin" AntiVirus package. I'll review that package here.
ClamWin installs in literally a few seconds. It will scan your hard drive for known viruses and let you know if it encounters any. You can schedule scans to happen anytime you like. The virus definition database is updated almost immediately after a new virus is detected, and you can configure it to download updates as often as you need them. Being a free product, you don't need to pay a subscription fee to get your updates or your new versions.
Like any good antivirus utility, ClamWin provides a context-menu scan from within Windows Explorer, so that you can right-click a file and scan it immediately after downloading (for example).
ClamWin also includes a Microsoft Outlook add-in to scan your Outlook mail for viruses. I won't be talking about that much here since I use Thunderbird for email rather than Outlook.
Like any good Windows AntiVirus tool, ClamWin has a basic GUI:
From here you can scan any drive on your system or reconfigure ClamWin to your specific needs.
The file scanner runs quite quickly. It took only a few minutes to scan a "pretty full" 120GB hard drive on my Athlon XP 3000+ system. Here's a picture of what the scanning process looks like:
While it doesn't include a Firewall like Panda Antivirus did, I have a hardware-based firewall on my home LAN that serves me quite well. I mostly used the Panda firewall to make myself aware of attempts by my applications to "call home" to their manufacturers. If I should decide I need a software firewall again, I'll see what open source options there are for one.
For free software, ClamWin provides an impressive array of features. For example, you can configure it to scan in subdirectories (so that it is more thorough) or not (so that goes more quickly). You can choose to have it report infected files, remove them, or quarantine them somewhere:
You can tell ClamWin to include or exclude certain files or "filename patterns" (like "*.txt") in the scan:
You can configure ClamWin to automatically update its virus database from a specific site, and do so daily, weekly, etc., at a specific time of day:
You can also very easily schedule scans of specific disks, folders, etc. Initially after ClamWin is installed, no scans are scheduled.
Scheduling a scan of your C:\ drive is pretty easy to do. Click "Add" in the above window and the following dialog appears:
Above, I've just configure ClamWin to scan my C:\ drive every day at 3:30 am.
We now see the scan I setup listed in the window.
ClamWin can be set to scan files inside of archives (e.g., Zip files, RAR files, etc.), with limitations on exactly how many files it will scan and how large those files can be (since it needs to extract them temporarily to scan them).
If you need to move the ClamWin components around, you can specify their locations here:
Similarly, you can specify where the log files are kept for scanning reports and virus database updates.
The Advanced options allow you to treat text files as mailboxes, extract attachments and Macros from Microsoft Office documents, limit log file size, and even change the priority of the scanning activity:
For network administrators or home networks with multiple PCs, you can even configure the software to send you an email message if it detects a virus on your computer.
The message generated by this feature when a virus is detected will read something like the following (naturally the exact details will depend on your configuration and the addresses you're using): From: clamwin@<yourdomain> [mailto:clamwin@<yourdomain>]
Sent: Saturday, July 16, 2005 6:58 AM
To: <your address>
Subject: ClamWin Virus Alert ClamWin detected a virus on the following computer: PC2 Please review the attached log files for more details.
The attachment looks something like this: --------------------------------------
Scan started: Sat Jul 16 03:30:04 2005 C:\Documents and Settings\Michael Salsbury\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-46bf7b4a.zip: Java.Downloader.OpenStream.A FOUND
ERROR: Can't open file C:\WINDOWS\system32\config\default
ERROR: Can't open file C:\WINDOWS\system32\config\SAM
ERROR: Can't open file C:\WINDOWS\system32\config\SECURITY
ERROR: Can't open file C:\WINDOWS\system32\config\software
ERROR: Can't open file C:\WINDOWS\system32\config\system -- summary --
Known viruses: 36446
Engine version: 0.87
Scanned directories: 9452
Scanned files: 111228
Infected files: 1
Data scanned: 48112.05 MB
Time: 12502.477 sec (208 m 22 s)
Thus, from this one simple email message, we know that "PC2" is infected with a virus named "Java.Downloader.OpenStream.A". If we had configured ClamWin to move the infected file to a quarantine location, it would have done so. In this case, I removed the infected file from the system manually soon after the scan completed. Interestingly, Panda Antivirus didn't detect this Trojan on my system, while ClamWin did. Missing Features ClamWin doesn't (yet) provide on-access file scanning. On-access scanning means that as you open files, the antivirus software checks them for viruses. While this is an important part of an antivirus solution, it's one that in my opinion is overrated. If you set the software to perform nightly scans of your hard drive, and you always remember to scan the system after you install new software or download something, the chances of a virus infecting your system are extremely low. More often than not, in my opinion, the on-access scanning just slows down overall system performance because it scans every program you run and every file you load, every time you load them, even if the files haven't changed in months. As such, it generates a lot of unnecessary overhead. In any event, that's being developed for ClamWin as I understand it, so it won't be long before this deficiency is rectified. Compared to Panda, ClamWin doesn't include a software firewall. If you have a VPN/Cable router that includes NAT and firewall functionality, you probably don't need this in your software configuration. But if you do, there are free products out there that provide firewall functionality. You don't need it built into your antivirus solution. Panda provides anti-spam, anti-phishing, web content filtering, and heuristic scanning technology. ClamWin doesn't include anti-spam or anti-phishing technology, but I don't see this as a big deal. SpamPal for Windows takes care of both of those problems. ClamWin doesn't offer heuristic scanning at this time, but since they do seem to keep the virus definitions current, that's a relatively minor deficiency as far as I'm concerned. I suspect the developers will add this to ClamWin before long. Only a Couple of Nits to Pick I've been using ClamWin exclusively now for quite a while, and I am generally quite pleased with it. As with any software package, there are things I'm not crazy about in it. In the big scheme of things, these are minor little nits but worth mentioning. First, every time it runs, ClamWin will detect scan errors with the following files: ERROR: Can't open file C:\WINDOWS\system32\config\default
ERROR: Can't open file C:\WINDOWS\system32\config\SAM
ERROR: Can't open file C:\WINDOWS\system32\config\SECURITY
ERROR: Can't open file C:\WINDOWS\system32\config\software
ERROR: Can't open file C:\WINDOWS\system32\config\system
That's not a big surprise, since these are critical Windows system files that are always open. I think ClamWin ought to automatically skip these in its scan, but it doesn't. It's easy enough to ignore them in the report, but it shouldn't be necessary to have to. My second issue is with the quarantine capabilities. Even though ClamWin might detect and quarantine a suspected infected file or Trojan, it will still warn you each time that the file is infected, even if that file is in quarantine. I think it would be better if ClamWin only alerted you to new infections outside the quarantine folder. I'd be OK with a "reminder" at the bottom of the scan that says "Hey, don't forget that there are XX viruses in quarantine at location: C:\...." This last one isn't really an issue for me personally, but I've seen others complain about it. ClamWin's scanning process is fairly CPU intensive. If you have a lot of executable files and a mid-range or low-end system, these scans can seriously impact your ability to use the machine. The solution to this is to schedule your scans at a time when you're not using the machine. I typically schedule mine to occur at 3:00am, since it's very rare that I'm actually using the system at that hour. Your mileage may vary. Conclusion There isn't much else to say about this product. It installs quickly, works as designed, updates automatically, protects well, and doesn't cost a cent. What more could I want from an antivirus solution? If you prefer a commercial antivirus product, you might want to check out PAL Emergency Response Antivirus.
Related Blogs:
Related Links:
|
