Hi,
Most viruses that AVG misses are "new" variants that take a day or two before AVG finally has an updated signature (the update frequency from AVG seems to be a bit spotty). Fortunately, my secondary scanner has hourly updates. However, there are some viruses (and I confirmed that indeed they are) that AVG always misses, such as W32/Bagle.fe!pwdzip. It's the virus where a user is sent a zip file supposedly with a "pricelist" (that's what the subject implies, with the password in an embedded GIF. Except for the Barracuda blacklist, the senders are usually newly infected PCs that are not caught on the other blacklists. Now, the number of daily viruses missed by AVG is extremely small (usually less than 10), but of course, you only need ONE user in your LAN to get infected to start a potential snowball effect and have days of cleanup work ahead of you that hopefully won't include any servers. I wouldn't bet the farm on the internal scanner! Sample: Received: from [192.168.168.6] [66.185.5.104] by Mail.Webhost.HM-Software.com with ESMTP (SMTPD-10.02) id AB1B0490; Fri, 05 Dec 2008 17:28:43 -0500 Date: Fri, 05 Dec 2008 16:28:45 -0600 To: "Rhanks" <[EMAIL PROTECTED]> From: "Smadden" <[EMAIL PROTECTED]> Subject: price 05-Dec-2008 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------nicuhltsamfpsjkasldg" X-Declude-Note: Message failed WEIGHTFILTER test (line 12, weight 4) X-Declude-RefID: X-Declude: Version 4.4.20; Code 0xe from ia-5-104.iowa.prairieinet.net [66.185.5.104] X-Declude: Triggered [6] BARRACUDA, WEIGHTFILTER X-Countries: UNITED STATES->destination X-Declude-Virus: Detected the W32/Bagle.fe!pwdzip [from IP 66.185.5.104 (ia-5-104.iowa.prairieinet.net)]. ----------nicuhltsamfpsjkasldg Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: 7bit <html><body> It Is Protected <br>Passwrd: <img src="cid:powrjastto.gif"><br> <br> </body></html> ----------nicuhltsamfpsjkasldg Content-Type: image/gif; name="powrjastto.gif" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="powrjastto.gif" Content-ID: <powrjastto.gif> [content suppressed ] ----------nicuhltsamfpsjkasldg Content-Type: application/octet-stream; name="price05-Dec-2008.zip" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="price05-Dec-2008.zip" [content suppressed ] Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.