2009
07.30

Gmail Antivirus Engine is ClamAV

Category: Malware, Testing / Tag:  / Add Comment

I know that Gmail Antivirus is powered by Sophos, as some has tested in 2005.

It’s 2009 now. When I was writing “Who is Hacking Me? ~’Who Will Care’ is Wrong~“, I used local ClamAV to check how many can ClamAV detect, then sent the 53 binaries through Gmail to VirusTotal. Since Gmail is powered by Sophos, malware that went through Gmail should not be detected by VirusTotal.

I sent all the 53 binaries to Gmail, and scanned the binaries locally with ClamAV.

ClamAV @ Localhost Unknown Scanner @ Gmail
Detected 41 41
Undetected 12 12

Then, I sent these 12 undetected binaries to VirusTotal.

ClamAV @ VirusTotal Sophos @ VirusTotal
Detected 0 10
Undetected 12 2

All undetected by ClamAV, but Sophos detected 10 of them! It looks to me Gmail has switched AV vendor from Sophos to ClamAV!

3 comments so far

Add Your Comment
  1. .hac said: 2009.07.31 00:23

    Interesting observation!

  2. log0 said: 2009.07.31 00:29

    It’s just a finding I observed since last article… so this one is for free.

  3. 雪雨馨风 said: 2009.07.31 02:16

    哈哈。。。可能哦

Your Comment