Norton have lost the plot on this one. Even our beloved Groupshield will be getting daily pattern updates from Feb 24th (http://vil.nai.com/vil/daily-dat-faq.asp). A brief quote from this document helps put things in perspective:

"In 2004, we had an unprecedented rise in the number, propagation rate and prevalence of new malware. Through the year, AVERT saw a ten-fold increase in the number of virus submissions (from both virus-generated and from actual customers), a 250% increase in the rate of new malware development, and a 75+% increase in the number of emergency DAT releases. 25 or more new Gaobot/Spybot/SDBot variants were received each DAY in 2004. In addition the growing amount of adware and Spyware require more consistent and available detection and removal. AVERT believes that the current schedule of weekly and emergency DAT releases are becoming less effective in providing adequate protection for our customers."

Here we use Julian Field's MailScanner (http://www.mailscanner.info) on Linux as our email gateway, running ClamAV (http://www.clamav.net), Bitdefender for Linux (http://www.bitdefender.com/bd/site/products.php?p_id=16) and McAfee's uvscan. Pattern updates are checked hourly.

Over the last year, we've "caught" several new viruses with ClamAV and/or Bitdefender which weren't detected by McAfee on its weekly (plus emergency release) schedule. Worst case was a new rapidly-spreading virus which we first caught on a Friday night. It took McAfee until the following Monday morning to release the new DAT files. To be fair to McAfee, we could have downloaded each new build of their daily "test" DATs which would probably have caught it, but if everyone tried that approach their servers would soon die under the load.

Andreas Marx at http://www.av-test.org/ has published several studies of vendor response times to new outbreaks. I don't have the links to hand, alas, but the Bitdefender and ClamAV people are remarkably fast at coming up with new patterns. The ClamAV team releases updates as needed and not to an arbitrary schedule (do virus writers release their viruses on a weekly schedule so they'll be caught by the vendors' latest patterns? No!).

The best strategy is to thoroughly defend your organisation at the perimeter, using several AV products selected both on detection rates and speed of response to new threats. Having good perimeter defences means that when your exchange-based AV starts shouting, you know the source is internal.

Cheers,
Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Orin Rehorst
> Sent: 10 February 2005 20:10
> To: Exchange Discussions
> Subject: Norton AV sig update slow?
>
> My boss says he heard NAV updates are issued days late.
>
> Pls comment.
>
> TIA
>
> Orin Rehorst
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> To unsubscribe via postal mail, please contact us at:
> Jupitermedia Corp.
> Attn: Discussion List Management
> 475 Park Avenue South
> New York, NY 10016
>
> Please include the email address which you have been contacted with.
