Antivirus detection rate

A fundamental parameter for correctly evaluating a UTM device is the detection rate of its integrated antivirus engine. However, this is easier said than done: this kind of evaluation is quite hard, as you need a representative collection of in-the-wild viruses. With the recent closure of historical virus collection sites such as VX Heavens and offensivecomputing.net, it has become quite difficult to obtain up-to-date viruses and malware.

Fortunately, www.virussign.com continues to provide updated virus and malware collections that, at least for a small subset, are available for free (after registration). Using their services, I downloaded the 22nd May 2012 free virus samples, containing 3439 virus/malware samples in total. Please note that, while this sample file contains viruses from 2007-2012, many of them remain in-the-wild viruses.

Consider this test round as a new-entry one: I understand that it can be improved, especially in the virus sample department. But on the other hand, it is better than nothing ;)

So, how well does the CR25ia (with signatures updated on 24th May 2012) perform in this test?

Cyberoam CR25ia antivirus

Very well, I must say: it has a detection rate comparable to Avira's, detecting over 66% of the total malware samples (to elaborate: Avira detected a little more than 2380 viruses). Moreover, note that not all the malware included in this sample archive can be categorized as “virus”, so this result is very good.

The only downside of the Cyberoam CR25ia integrated AV engine is its file-size dependency: files bigger than 25,600 KB are not scanned. While the vast majority of malware fits within this size limit, sometimes viruses append themselves to larger files, such as ISO images. In this case, the CR25ia AV engine can do little to protect your internal LAN.

Anyway, I am still positively impressed by the capability of the Cyberoam antivirus engine.