RE: [sniffer] F-Prot and netsky
Mike, No ideas on f-prot, but justsomething we do: Weuse a combination of 2 virusscanners, McAfee (updated automatically with dailydat every day, automatic install of extra.dat emergency datspossible from version 7 and up) and Kaspersky, which I update every hour. Using this combo, we blocked all non-zip netsky viruses because of the restricted attachments list we use, and about 50 netsky zipped viruses slipped through because of the time between discovery and fix. This resulted in 3 actual infected networks which we had to clean. Groet, (regards) -- ing. Michiel Prins bsc [EMAIL PROTECTED] SOSSmallOffice Solutions /Reject / Wannepad 27 - 1066 HW - Amsterdam t.+31(0)20-4082627 - f.+31-(0)20-4082628 -- Consultancy- Installation- Maintenance Network Security -Internet - E-mail SoftwareDevelopment - Project Management -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike VandeBergSent: dinsdag 24 februari 2004 15:33To: [EMAIL PROTECTED]Subject: [sniffer] F-Prot and netsky I was wondering if anyone else is using F-prot for their virus engine in declude, and what they now think about it. Netsky was discovered on the 18th, and F-Prot actually had it posted on their website as being discovered by them on the 19th. But they didn't update their definition files to actually catch it until early this morning. This meant that netsky ran rampant under F-Prots nose for 6 days. I feel this is completely unacceptable, and I am going to change my virus engine this week unless someone can tell me that there is a good reason why I shouldn't. Any ideas or feedback from someone using F-Prot? Thanks Mike VandeBergNetworkAdministratorNTS Services Corp309-353-5632 ext. 227 Mobile 309-241-8973[EMAIL PROTECTED] ---This message has been scanned for spam and viruses by Reject
RE: [sniffer] F-Prot and netsky
Thanks for the replies folks, I think I may just stay with F-Prot. But one thing is still confusing me.. Why did some people get a def file on the 18th that caught netsky, but mine didn't. On the 20th, I even went so far as to re-install f-prot which initially installs a July 02 def file, and ran the updater just to make sure that I was getting the latest updated file as it was being distributed by F-Prot, and I still got the 18th def file, which according to Terry here, was catching it, but mine wasn't... Any ideas with that glitch? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smart Business Support Sent: Tuesday, February 24, 2004 9:28 AM To: Mike VandeBerg Subject: Re: [sniffer] F-Prot and netsky Mike, Tuesday, February 24, 2004 you wrote: MV I was wondering if anyone else is using F-prot for their virus MV engine in declude, and what they now think about it. Netsky was MV discovered on the 18th, and F-Prot actually had it posted on their MV website as being discovered by them on the 19th. But they didn't MV update their definition files to actually catch it until early this MV morning. This meant that netsky ran rampant under F-Prots nose for 6 MV days. I feel this is completely unacceptable, and I am going to MV change my virus engine this week unless someone can tell me that there is a good reason why I shouldn't. This is not our experience. Here's an excerpt form our virus reporter for the 18th. Scanner 1 is Fprot. Scanner 2 is NAI (McAfee). So on the 18th Fprot caught 39 it identified as Netsky. However, some of these were corrupted. All in all I'm happy with F-prot but I see enough difference to run 2 and might add a 3rd: From: 02/18/2004 00:00:30 Thru 02/18/2004 23:59:36 Log files: vir0218.log Scanner 1 Virus names VBS/Haptime.F = 1 W32/[EMAIL PROTECTED] = 4 W32/[EMAIL PROTECTED] (corrupted) = 1 W32/[EMAIL PROTECTED] = 1 W32/[EMAIL PROTECTED] = 1 W32/[EMAIL PROTECTED] = 5 W32/[EMAIL PROTECTED] = 39 Scanner 1 Days 02/18/2004 = 52 Scanner 2 Virus names VBS/[EMAIL PROTECTED] virus = 1 W32/[EMAIL PROTECTED] virus = 4 W32/Bugbear.b.dam virus = 1 W32/[EMAIL PROTECTED] virus = 1 W32/[EMAIL PROTECTED] virus = 1 W32/[EMAIL PROTECTED] virus = 3 W32/[EMAIL PROTECTED] virus = 2 W32/[EMAIL PROTECTED] virus = 14 W32/Sober!data trojan = 3 Scanner 2 Days 02/18/2004 = 30 Terry Fritts This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [sniffer] F-Prot and netsky
Title: Message ClamAV works very well, and is lightening fast when run daemonized (clamd).It's also hard to beat the price! I run is along with F-Prot and McAfee's uvscan, and Clam seems to keep up with the commercial scanners as far as virus updates. Bill -Original Message-From: Fred [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 9:02 AMTo: [EMAIL PROTECTED]Subject: Re: [sniffer] F-Prot and netsky Does anyone run ClamAV? I've been hearing a lot of good reviews on it.. Frederic TaraseviciusInternet Information Services, Inc. --- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to [EMAIL PROTECTED] Thank you
