Different views on AV testing methodology

September 20th, 2007 Posted by - webmaster

In its blog at http://www.avertlabs.com/research/blog/index.php/2007/08/12/what-a-tangled-web, McAfee has been receiving inquiries from its users over the results of the Untangle test.

The “Fight Club” test at LinuxWorld was not only a test of AV products. McAfee has missed a point here: the test also demonstrated that AV tests rarely publish their methodology. A test that lacks open review of the methodology used and that as a result shows any vendor in a positive light can’t be considered objective.

The “Fight Club” test is the only test that we are aware of to fully publish its methodology. Vendors that don’t fare well in tests that can be scrutinised are happy to make claims based on tests conducted behind closed doors that lack published methodology and success criteria, because those tests cannot be questioned.

While the methodology in this test has been debated, we believe that all tests should be as open to review as the Untangle test was!

Detection of Potentially Unwanted Applications

September 3rd, 2007 Posted by - webmaster

With the release of ClamAV 0.91.2 we introduce the option to scan for Potentially Unwanted Applications. The PUA database contains detection for applications that are not malicious by themselves but can be used in a malicious or unwanted context.
As an example: a tool to retrieve passwords from a system can be useful as long as the person who uses it is authorized to do so. However, the same tool can be used to steal passwords from a system.

To make use of the PUA database you can use the “--detect-pua” switch for clamscan or enable it in the config file for clamd.

At this point we DON’T recommend using it in production environments, because the detection may be too aggressive and lead to false positives. In one of the next releases we will provide additional features for fine-tuning, allowing better adjustments to different setups.
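
One way to gauge that false-positive risk on a test file set before enabling the option more widely, as an added example that is not part of the original post or of ClamAV itself. The function names are hypothetical, the sample output is constructed, and the script assumes that clamscan result lines have the form "<path>: <signature> FOUND" and that PUA signature names begin with "PUA.":

```shell
#!/bin/sh
# Added example (not ClamAV code). Assumptions: result lines look like
# "<path>: <signature> FOUND" and PUA signature names start with "PUA.".
# Real use: clamscan -r --infected --detect-pua /some/dir | pua_summary

# Emit "PUA|OTHER <TAB> signature <TAB> path" for every detection on stdin.
classify_hits() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # Split on the LAST ": " so paths that contain ": " survive.
            idx = 0
            while ((p = index(substr(line, idx + 1), ": ")) > 0) idx += p
            if (idx == 0) next
            sig = substr(line, idx + 2)
            kind = (index(sig, "PUA.") == 1) ? "PUA" : "OTHER"
            printf "%s\t%s\t%s\n", kind, sig, substr(line, 1, idx - 1)
        }'
}

# Count detections per class: how much of the result set is PUA.
pua_summary() {
    classify_hits | awk -F '\t' '
        { n[$1]++ }
        END { printf "pua=%d other=%d\n", n["PUA"], n["OTHER"] }'
}

# Paths whose detection is a PUA signature: the list to review by hand.
pua_paths() {
    classify_hits | awk -F '\t' '$1 == "PUA" { print $3 }'
}

# Constructed sample output; the PUA signature names are made up.
sample_output() {
    cat <<'EOF'
/srv/mail/a.exe: PUA.Example.Packer FOUND
/srv/mail/notes: draft.txt: OK
/srv/mail/eicar.com: Eicar-Test-Signature FOUND
/srv/tools/dir: x/recover.exe: PUA.Example.Tool FOUND
EOF
}

sample_output | pua_summary
```

Reviewing the paths from pua_paths by hand shows which of the PUA hits are tools that are legitimately in use on the scanned systems.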