SCIENTIFIC-LINUX-USERS Archives

January 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From:
Nico Kadel-Garcia <[log in to unmask]>
Reply To:
Nico Kadel-Garcia <[log in to unmask]>
Date:
Thu, 1 Jan 2015 14:32:28 -0500
On Thu, Jan 1, 2015 at 8:12 AM, Franklin Wang <[log in to unmask]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Of course, it's wonderful to know more friends with the same hobby. But
> I have long wondered about the answer to it. The virus db of clamav
> may be the same on the several types of platforms, but the commercial
> software may not be. I copied a result of 'Day0 Summary' from
> shadowserver.org a few days ago, as follows:

Do note that overall "Anti-virus" is not just "mail filtering". ClamAV
is aimed at examining content coming through a gateway, especially
email, but is looking at what is inside the delivered packages.

A full modern "anti-virus" package also includes checksum verification
of critical system libraries and binaries, kernel monitoring for
unexpected loadable modules, and examining local files for already
embedded viruses or trojans or rootkits, for out of date and thus
vulnerable software, and for poor privilege management (such as
unexpected suid programs or over-generous write access to /bin).

*THAT* means different binaries and tools for different architectures.
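
The two privilege-management checks named in the message (unexpected suid programs, over-generous write access to /bin), as an added example that is not part of the original post. The function names and the allowlist file (one expected suid/sgid path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local privilege-management audit using POSIX find.
# audit_suid, audit_writable and the allowlist file are hypothetical names.

# audit_suid DIR ALLOWLIST
# Print every setuid or setgid regular file under DIR whose full path
# is not listed (exact match, one per line) in ALLOWLIST.
audit_suid() {
    dir=$1
    allow=$2
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # -F: fixed string, -x: whole line, -q: quiet
        grep -Fxq -- "$f" "$allow" || printf '%s\n' "$f"
    done
}

# audit_writable DIR
# Print files and directories under DIR (DIR included) that are
# writable by group or by others.
audit_writable() {
    find "$1" -xdev \( -type f -o -type d \) \
        \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null | sort
}

# Stand-alone use: sh audit.sh /bin /path/to/allowlist
if [ "$#" -ge 2 ]; then
    echo "Unexpected suid/sgid files under $1:"
    audit_suid "$1" "$2"
    echo "Group- or world-writable entries under $1:"
    audit_writable "$1"
fi
```

Symbolic links are skipped by both checks, since their own mode bits carry no meaning; the targets are audited when they live under the directory being scanned.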
