Bill Maidment wrote:

Because File-Scan identifies the NetSky virus and variants with that name and ClamAV identifies the same viruses as SomeFool, I would have expected the first virus scanner (which happens to be File-Scan) to always pick them up and give them all the same name (NetSky in this case). However, the logs show a mix of NetSky and SomeFool names (see attached graphdefang image), which leads me to the conclusion that for some reason File-Scan is not picking up the virus first and so it is caught by ClamAV. That's not so bad, but yesterday we had an older virus (Welchia-B) get through both File-Scan and ClamAV, even though it was known to both.

I haven't used File::Scan, but from using NAI uvscan and ClamAV, I've noticed some differences in how virus scanners handle bounced messages, error messages, etc. A bounce or error message may contain a virus, part of a virus, or remnants of a virus after an ignorant virus scanner removed it. Because there are so many different variations on how these emails may appear, and because some of these emails aren't properly formatted, I suspect that no virus scanner can properly handle them all. I've seen ClamAV (very rarely) miss a virus that NAI uvscan catches, and I've seen uvscan miss a virus that McAfee VirusScan for Windows (also an NAI product) catches. I would guess that this is what's causing you to see a few viruses slip through.


Josh Kelley
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
