ClamXAV is worse than useless or no antivirus, as it gives people a false sense of security, that the scanned file is "safe". ClamAV has a very poor track record and was created basically to scan email for Windows users using Unix-like mail servers. There is no focus on Unix/OSX threats at all. A while back when one of the first OSX Trojans appeared in pirated copied of iWork, I sought it out to test on; the pirate bay listing was helpfully changed to put clear warnings all over it that it was infected, leaving it up for people like me who wanted it to test. I still have it along with a collection of Windows viruses/Trojans/worms/keyloggers.
So I tested ClamXAV along with the free Sophos virus scanner, and observed VirusTotal stats on it. Basically, despite a number of signatures being submitted to them by security experts, ClamAV can't detect it or ANY Mac Trojan I know of. It's hit rate on Windows malware is amongst the worst, if not THE worst. Occasionally I went back and checked if things had changed, it never could detect it.
People get a sense that if they scanned a file, it must be safe. When I was on Windows, I fell for that once when McAffee cleared a file sent me, but fortunately my firewall stopped it calling out once I ran it. It took a couple of hours to clean my computer. I've also been the target of an Undetectable (UD) new Trojan keylogger. I didn't fall for it, they had already tried several phishing attacks against me. When I submitted it to VirusTotal, no antivirus program detected anything. Within a day, the major ones did, and within days, almost all did. But never ClamAV.
That's why I considers ClamAV worse than no antivirus at all.
So I tested ClamXAV along with the free Sophos virus scanner, and observed VirusTotal stats on it. Basically, despite a number of signatures being submitted to them by security experts, ClamAV can't detect it or ANY Mac Trojan I know of. It's hit rate on Windows malware is amongst the worst, if not THE worst. Occasionally I went back and checked if things had changed, it never could detect it.
People get a sense that if they scanned a file, it must be safe. When I was on Windows, I fell for that once when McAffee cleared a file sent me, but fortunately my firewall stopped it calling out once I ran it. It took a couple of hours to clean my computer. I've also been the target of an Undetectable (UD) new Trojan keylogger. I didn't fall for it, they had already tried several phishing attacks against me. When I submitted it to VirusTotal, no antivirus program detected anything. Within a day, the major ones did, and within days, almost all did. But never ClamAV.
That's why I considers ClamAV worse than no antivirus at all.