I confirmed that Commtouch runs before AVG as the internal virus scanner and currently there is no way to change this without changing the code. I will add this as a dev request to switch the order of AVG and Commtouch.
David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, June 08, 2009 11:28 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ZEROHOUR, scanner order Fair enough! Looks like a good service in general - hopefully, the implementation can be cleaned up at some point. Thanks, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 08, 2009 11:10 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ZEROHOUR, scanner order Andy, It is implemented in the Declude virus but because the spam function overlaps into junkmail and the spam weighting system is in junkmail the weight is specified in the global.cfg - as you can see it is more as a directive than a test. Secondly you are correct about the developer who integrated Commtouch. This was before I took over the managment of Declude and it is suffice to say he is no longer with Declude either. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, June 08, 2009 11:02 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ZEROHOUR, scanner order Hi David: Thanks. The Global.cfg configures the Declude.Junkmail - but you said it was implemented as Declude.Virus. So any configuration would go into the Virus.cfg file. It seems to me as if it's implemented in some fashion in both ends. >> In the Declude EVA the ZEROHOUR is part of the internal scanner process and I will need to look at the code to determine the order of scanning but I will get back to you on this. << Based on log entries/detection it appears as if it first checks ZEROHOUR, then AVG, then launches the external scanners. Sorry for all the questions - just trying to wrap my arms around the "new way" that everything is behaving now - as it's inconsistent with what I have had in place all these years (both in Junkmail, which relies on TESTSFAILED to control actions) and in Virus (which relies on virus name detection to control what actions to take). (Seems as if ZEROHOUR was added by a developer who wasn't yet familiar/briefed with what was already in place elsewhere in the product, and just came up with his/her own way of doing things instead of integration with the existing features.) Thanks, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 08, 2009 10:34 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] ZEROHOUR, scanner order Commtouch Zerohour identifies virus' based on traffic patterns rather than signatures this is why it is not associated with a name. There is only one option currently for Commtouch - in the global.cfg ZEROHOUR x Where x is the weight assigned if ZEROHOUR is triggered. In the Declude EVA the ZEROHOUR is part of the internal scanner process and I will need to look at the code to determine the order of scanning but I will get back to you on this. David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
