John Graham, Posted March 14, 2022

Hi,

This is the first time I am using Immunet (v7.5.0.20795). I chose it because of Cisco's reputation and because it uses ClamAV (also its excellent reputation). I had ClamAV installed before, but Immunet includes ClamAV so I have discontinued (uninstalled) it.

On my last download of some Rescue Discs (MediCat USB, and All in One - System Rescue Toolkit; see URL links below for ref), purely to see how well they perform, Immunet detected 4 files as malicious; see screenshots attached (for MediCat as an example).

Here's the quandary: there is a difference between VirusTotal and Immunet, specifically the ClamAV engine. In one case ClamAV does not recognize the file, yet Immunet and VirusTotal detected malicious content. In another, ClamAV did NOT detect any malicious content, but Immunet detected malicious content. Can someone let me know what's going on and if there is a "quirk" in Immunet? I'd like to have some confidence in Immunet's behavior.

I assume that the files have been uploaded to the Cloud Community, as I have checked the "share with community" box (Cloud Notifications = On).

Ref links:
https://www.geckoandfly.com/32030/bootable-windows-pe-recovery-repair/
MediCat USB: https://gbatemp.net/threads/medicat-usb-a-multiboot-linux-usb-for-pc-repair.361577/
All in One - System Rescue Toolkit (AiO_SRT): https://paul.is-a-geek.org/aio-srt/

Thanks in advance.

(FYI: I use System Rescue CD, UBCD, Knoppix, and Ubuntu 10.04 through 16.04 Live purely for i386 compatibility; any other suggestions are welcome.)

JG.
Rob.T, Posted March 18, 2022

The behaviour you're describing is normal for ClamAV and Immunet (and most other AV apps).

ClamAV relies on a human writing and testing a virus definition. Virus definitions usually match one virus def to many files. Because of this one-to-many matching, a poorly written virus definition might end up with a high false positive rate (i.e. the virus definition detects a lot of benign files that don't have viruses in them as malicious). Or, even worse, the virus definition might not detect the original malicious file it was written for (i.e. a false negative, where a known malicious file is not detected as malicious).

This process is time consuming and, as such, usually lags days or weeks behind Immunet's cloud scanning engines, which can generate virus definitions in a completely automated fashion.

It's also worth noting that every virus definition added to ClamAV incurs a small performance hit. As such, we try to limit ClamAV to high-score viruses (as scored on the Common Vulnerability Scoring System (CVSS)).
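The one-to-many matching Rob.T describes, and the false positive / false negative trade-off that comes with it, can be made concrete with a small matcher. The following is an added example written for this page; it is not ClamAV source, Immunet code, or anything posted by either participant. It implements a subset of two real ClamAV signature formats (an exact `.hdb` hash signature, `md5:size:name`, and an `.ndb` body signature, `Name:Target:Offset:Hex` with `?` nibble wildcards, `*`, `{n}` and `{n-m}`) and runs three hand-written signatures over a constructed, entirely fake corpus. The corpus labels, the sample bytes, the signature names and the "MZ header means PE" approximation are all assumptions made for the illustration.

```python
"""Toy ClamAV-style signature matcher (added example, not ClamAV code).

Shows how a hash signature never false-positives but misses a trivially
modified variant, how a tight body signature with a bounded gap catches the
variant, and how an over-broad body signature also flags benign files."""
import hashlib
import re

# Constructed corpus: fake PE-like blobs, NOT real malware. Labels are assumed.
_PAD = b"\x00" * 12
SAMPLES = {
    "dropper_v1":          b"MZ\x90\x00" + _PAD + b"cmd.exe /c del /f /q C:\\*.*",
    "dropper_v1_repacked": b"MZ\x90\x00" + _PAD + b"cmd.exe  /c del /f /q C:\\*.*",  # one extra space
    "benign_installer":    b"MZ\x90\x00" + _PAD + b"cmd.exe /c copy setup.msi %TEMP%",
    "text_readme":         b"README: run cmd.exe /c <command> to run a shell command",
}
MALICIOUS = {"dropper_v1", "dropper_v1_repacked"}  # ground truth for the toy corpus

HEX = "0123456789abcdef"
TOKEN = re.compile(r"\{(\d+)(?:-(\d+))?\}|\*|[0-9a-fA-F?]{2}")


def hdb_signature(name, data):
    """Build a ClamAV .hdb line (md5:size:name) for one exact file."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def matches_hdb(line, data):
    """.hdb match: MD5 and size must both agree, so only the exact file hits."""
    md5, size, _name = line.split(":")
    return len(data) == int(size) and hashlib.md5(data).hexdigest() == md5


def _pair_to_regex(pair):
    """One hex byte, possibly with '?' nibble wildcards, as a bytes regex."""
    if pair == "??":
        return b"."
    his = HEX if pair[0] == "?" else pair[0].lower()
    los = HEX if pair[1] == "?" else pair[1].lower()
    choices = [re.escape(bytes([int(h + l, 16)])) for h in his for l in los]
    return choices[0] if len(choices) == 1 else b"[" + b"".join(choices) + b"]"


def ndb_to_regex(hexsig):
    """Translate the .ndb body-signature subset handled here (hex bytes,
    '?' nibble wildcards, '*', '{n}', '{n-m}') into a compiled bytes regex.
    Other ClamAV constructs such as '(aa|bb)' alternation are not implemented."""
    parts, pos = [], 0
    for m in TOKEN.finditer(hexsig):
        if m.start() != pos:
            raise ValueError(f"unsupported token in signature near {hexsig[pos:]!r}")
        pos = m.end()
        tok = m.group(0)
        if tok == "*":
            parts.append(b".*?")                      # any number of bytes
        elif tok[0] == "{":
            lo = m.group(1)
            hi = m.group(2) or lo
            parts.append(f".{{{lo},{hi}}}".encode())  # bounded gap
        else:
            parts.append(_pair_to_regex(tok))
    if pos != len(hexsig):
        raise ValueError(f"unsupported token in signature near {hexsig[pos:]!r}")
    return re.compile(b"".join(parts), re.DOTALL)


def matches_ndb(line, data):
    """.ndb match: Name:Target:Offset:Hex. Target 1 (PE) is approximated by the
    'MZ' header (an assumption); offset '*' means anywhere, an integer anchors
    the match at that byte. Other target types and EP-relative offsets are not modelled."""
    _name, target, offset, hexsig = line.split(":", 3)
    if target == "1" and not data.startswith(b"MZ"):
        return False
    rx = ndb_to_regex(hexsig)
    if offset == "*":
        return rx.search(data) is not None
    return rx.match(data, int(offset)) is not None


def matches(line, data):
    """Dispatch on field count: .hdb lines have 3 fields, .ndb lines have 4."""
    return matches_hdb(line, data) if line.count(":") == 2 else matches_ndb(line, data)


def evaluate(signature_lines, samples=SAMPLES, malicious=MALICIOUS):
    """Scan the corpus; return (detected, false_positives, false_negatives)."""
    detected = {label for label, data in samples.items()
                if any(matches(line, data) for line in signature_lines)}
    return detected, detected - malicious, malicious - detected


# Three ways to write "the same" detection, with very different error profiles.
HASH_SIG = hdb_signature("Win.Dropper.Toy-Hash", SAMPLES["dropper_v1"])
TIGHT_SIG = "Win.Dropper.Toy-Tight:1:*:" + b"cmd.exe".hex() + "{1-4}" + b"/c del /f /q".hex()
BROAD_SIG = "Win.Dropper.Toy-Broad:0:*:" + b"cmd.exe".hex() + "*" + b"/c".hex()

if __name__ == "__main__":
    for sig in (HASH_SIG, TIGHT_SIG, BROAD_SIG):
        name = sig.split(":")[-1] if sig.count(":") == 2 else sig.split(":")[0]
        detected, fps, fns = evaluate([sig])
        print(f"{name:<24} hits={sorted(detected)} FP={sorted(fps)} FN={sorted(fns)}")
```

Running it shows the three outcomes the post describes: the hash signature hits only `dropper_v1` and misses the one-byte variant (a false negative), the body signature with a bounded `{1-4}` gap catches both droppers and nothing else, and the broad `cmd.exe*/c` signature flags the benign installer and even a plain text file (false positives). The same matching engine also illustrates the performance remark: every `.ndb` line compiles to another pattern the scanner has to run over each file, whereas a hash lookup is a single digest comparison.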