The biggest advantage is for a day 0 new virus. Vendor A may get the update out before vendor B, or Vendor C's heuristics may naturally catch something A or B let's through.
We are seeing the same benefit with IMGate rejecting dangerous attachments and known virus strings or common filename.type's.
Trendmicro sent out an alert today about the current volume of bagle.at. I looked in our hourly log report, it had several 100 of "joke" and "price" rejects today (and we are a small shop), without us having to hope the AV shops got their db's updated.
bagle joke/price ".cpl" was getting past our attachment filter, but got caught by a generic string filter. I've added .cpl to the attachment filter.
That's 2 levels of generic protection (as opposed to 100K different AV sigs).
While IMGate stops the bulk of our infections, it's not meant to catch them all, so we still run an AV box, which catches but a handful per day.
Len
_____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
