RE: [Declude.Virus] Which scanner?
Hi Dave,

Not at the moment but we can look at adding this request to our dev list.

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
Sent: Saturday, February 06, 2010 9:43 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] Which scanner?

In my email reports, is there a way to also signify which scanner caught the virus; ie internal vs one of the external scanners?

so my reports now look like;

Declude Virus v4.6.35 caught the following:
Virus Name: Sanesecurity.Junk.26145.UNOFFICIAL
Virus File: Unknown File
From: lyris-nore...@listhost.stat.com
To : junkm...@stat.com
Date: 06 Feb 2010 17:10:56
Subject:Re: You have spam
Spool File: D050a00d3693b.smd
RemoteIP: 65.163.175.26
SenderHost: listhost.stat.com

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.

Re: [Declude.Virus] Which Scanner is BEST
My experience with McAfee.

It then calculates the time between each virus being first spotted somewhere in the world by the MessageLabs consulting group and the time when each anti-virus service has a working fix available to the public (not counting beta versions available only to testers).

The Extra.dat files are Not Beta and are available to the public, but are not counted.

The Daily DATs are Beta, so are excluded by choice. They are available to the public, not just testers only. These versions are always available Very fast (usually by the time I see copies arriving).

While these are handy for those of us who keep watch (over companies and mail servers), they are normally installed manually. Automated installs are usually just for the regular DATs.

When a virus is found in large numbers in the wild, it is given a Medium or High risk. Then McAfee will break their weekly update cycle and release the DAT file ASAP. I do feel they have been too slow on a couple of the recent viruses to raise it to Medium (but that's 3 or 4 out of the 30+ recent wild pests).

If the virus has been around for a while, then goes Medium, the DATs are released in a couple of hours. If the virus goes straight to Medium (spammed release), then it's normally 4 to 6 hours from outbreak (arriving in my mail boxes) to regular DAT release.

For the last year or 2 McAfee has discussed doing fully tested Regular DATs (daily or at least several times per week). I'm guessing that when the dust settles from the current wave of viruses, they will be changing their cycle.

Greg Little

---
[This E-mail scanned for viruses by Findlay Internet]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

Re: [Declude.Virus] Which scanner caught it??
> When we are running two scanners, is there a way to know which one caught a particular virus? And if knowing that one caught more than the other, would there be an advantage of placing it first in the sequence?

If you use LOGLEVEL MID, you'll see in the logs which scanner detected the virus.

The order in which they are run shouldn't matter, as far as Declude Virus is concerned -- just so long as one or both catch the virus, the E-mail will be quarantined.

-Scott

Re: [Declude.Virus] Which scanner caught it??
Duh. I see now.

Interesting - in this one (below) Scanner 1 (F-Prot) reported Lentin and Scanner 2 (McAfee) says Yaha.

I see what you mean now about no advantage of order of scanner. I was kinda wondering if scanner 1 found something, whether it invoked the second scanner or just went ahead and handled the virus processing. Would that speed things up any (skipping #2 if #1 found a virus)?

TGIF

Thanks,
John

12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 29617]
12/06/2002 11:11:04 Qda0e4a6301ee7871 From: [EMAIL PROTECTED] To: ***@jcjc.edu
12/06/2002 11:11:04 Qda0e4a6301ee7871 Subject: Fw: Wonderfool stuff to ur friends

R. Scott Perry wrote:

> > When we are running two scanners, is there a way to know which one caught a particular virus? And if knowing that one caught more than the other, would there be an advantage of placing it first in the sequence?
>
> If you use LOGLEVEL MID, you'll see in the logs which scanner detected the virus.
>
> The order in which they are run shouldn't matter, as far as Declude Virus is concerned -- just so long as one or both catch the virus, the E-mail will be quarantined.
>
> -Scott

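Added example (not part of any list post and not Declude's own code): a small parser that answers the "which scanner caught it" question from LOGLEVEL MID log lines, counting catches per scanner and listing messages that only one scanner caught or that the scanners named differently. It assumes the line layout shown in the excerpt quoted above; the function names and the last sample line are made up for illustration.

```python
import re
from collections import defaultdict

# Layout as in the log excerpt quoted in the thread (LOGLEVEL MID):
#   <date> <time> <spool id> Scanner <n>: Virus=<scanner text> Attachment=<file> ...
SCANNER_LINE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (?P<spool>\S+) "
    r"Scanner (?P<num>\d+): Virus=(?P<raw>.*?) Attachment=(?P<file>\S+)")

def clean_name(raw):
    """Reduce a scanner's free-text verdict to the token that looks like a name."""
    tokens = [t.strip(":!") for t in raw.split()]
    # Assumption: the name is the first token containing '/' or '.', as in both quoted lines.
    named = [t for t in tokens if "/" in t or "." in t]
    return named[0] if named else " ".join(t for t in tokens if t)

def detections_by_message(lines):
    """Map spool id -> {scanner number: reported name} from the Scanner lines."""
    hits = defaultdict(dict)
    for line in lines:
        m = SCANNER_LINE.match(line.strip())
        if m:
            hits[m["spool"]][int(m["num"])] = clean_name(m["raw"])
    return dict(hits)

def summarize(lines, scanners=(1, 2)):
    """Return (catches per scanner, spools caught by one scanner only, spools named differently)."""
    per_scanner = {n: 0 for n in scanners}
    single, disagree = [], []
    for spool, found in detections_by_message(lines).items():
        for n in found:
            per_scanner[n] = per_scanner.get(n, 0) + 1
        if len(found) < len(scanners):
            single.append(spool)
        elif len({name.lower() for name in found.values()}) > 1:
            disagree.append(spool)
    return per_scanner, single, disagree

# First four lines are from the thread; the last line is constructed for illustration.
SAMPLE = """\
12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:12:10 Qconstructed00000002 Scanner 2: Virus= the W32/Example.A@MM virus !!! Attachment=sample.exe [1] I
"""

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

A differing name is not by itself a missed detection, since vendors label the same sample differently; the single-scanner list is the one that shows what a second scanner adds.
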
Re: [Declude.Virus] Which scanner caught it??
> Duh. I see now.
>
> Interesting - in this one (below) Scanner 1 (F-Prot) reported Lentin and Scanner 2 (McAfee) says Yaha.
>
> I see what you mean now about no advantage of order of scanner. I was kinda wondering if scanner 1 found something, whether it invoked the second scanner or just went ahead and handled the virus processing. Would that speed things up any (skipping #2 if #1 found a virus)?

There would be a very slight increase in processing speed. However, since all legitimate E-mails are scanned twice, scanning an E-mail with a virus twice doesn't add any unexpected load.

-Scott