You might wonder, as do some of my colleagues here at Techweb, why I’ve given so much space to coverage of ClamAV, the open source anti-virus filter technology. This is, after all Messaging Pipeline, and our focus here is on e-mail, instant messaging, and technology that promotes collaboration through messaging systems. Well, the answer is simple: virus transmission is a messaging phenomenon! In simple terms, we would not have the plague we have today without e-mail and instant messaging systems capable of wreaking havoc on a worldwide basis at the mere press of a button that sets off a virus transmission campaign.
Early virus warning systems, such as the ones sold by Ironport, Avinti, and Commtouch, are really the best ways to stop virus attacks because they catch a virus campaign before it reaches very far into the Internet’s vastness. But that’s only helpful for customers who use those systems and can depend on their quick detection of the attacks and their ability to inform our networks to shut off the e-mail from that source. But they don't stop instant messaging-borne virus attacks, and well, those of us without their protection need to depend on old-fashioned filters that identify and trap viruses.
The problem is the speed with which new viruses are identified and profiled by security companies, and then the speed with which the resulting virus signatures are sent out to members of a particular antivirus network. A slow response by anti-virus vendors is not a good thing. (To see just how important speed can be, check out Osterman Survey Points Up Anti-Virus Dissatisfaction).
Even spam filters aren’t as important as these, so speed is a major issue, and the surprising result found by both Adam Hyde of Electric Mail (see I Can't Get No Anti-Virus Satisfaction) and others identified by Linux Pipeline editor Matt McKenzie (see One Fast Clam That Eats Viruses), is that ClamAV is the open source virus filter product that does a better, and much speedier, job than commercial vendors of virus filtering products.
That said, along with Adam Hyde, I’d take the strong position that the only approach for fighting viruses that can be depended on includes both belt and suspenders, and probably several sets of each. You should consider more than one source of anti-virus filtering technology, and should probably consider one of the early outbreak solutions as well. But whatever you consider, consider ClamAV for your mix of solutions because it seems to work pretty damned well.