An un-epiphany – (based on: how to use a GPU to speed up ClamAV)

by

I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing.

What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed to fail. What is especially amusing is precisely how they get all their facts wrong.

I was busy reading about GPU (Graphics Processing Unit) based super-computers and its uses when I came across an interesting paper on how to use a GPU to speed up antivirus software. So I read it and had my un-epiphany.

The paper was describing how to use a GPU to speed up ClamAV. It used a lot of the same terminology that people use to say that antivirus is dead. So it occurred to me that people look at ClamAV and assume that is how all commercial antivirus products work.

I did not know whether I should laugh or cry.

When people ask me whether ClamAV is any good or not, I just have one answer: Does it detect the Wildlist? The answer is no. Virtually every commercial antivirus product out there detects the vast majority of the Wildlist most of the time.

Real antivirus products are significantly more complex and advanced than ClamAV can ever be. ClamAV probably represents the status of commercial products 15+ years ago. The technologies that can be seen in the real products are really very impressive, constantly changing and growing.

I have a hard time comparing our own technology with what you would find in ClamAV. It is like comparing a racing car to a grape. Modern scanning engines have different layers of detection, multiple heuristic engines and multiple emulators for both executable code and scripting languages.  The scalability and efficiency of modern antivirus engines given the massive volumes of data they are processing is astonishing.

Good technology can be beautiful. It can be art. It takes a geek to see and acknowledge it and it is an incredibly difficult concept to explain. Modern antivirus engines are art. Balancing flexibility, scalability and detection rates is an intricate dance that takes a group of extremely intelligent people years to perfect and tune.

Go back