GJ> For the folks using multiple scanners, do you have any stats on how
GJ> often the secondary scanner found a virus that the first one missed?

I run f-prot as #1, NAI as #2, and ClamAV as #3. I do keep daily
stats for my Imail/Declude server. I'm not sure what you want to
know but all 3 vary some every day.

The variance is greater when a new outbreak event occurs. After a
few days the variance becomes less.

Just as an example my report for yesterday appears below.

GJ> I realize that the cost of F-Prot (which I am using) is quite low and
GJ> others might be as well, so it is not a cost issue but rather a "Do I
GJ> really need it?".

I have three running and I've definitely seen occasions where one
of the three worked and the other 2 didn't. But I've also seen
occasions where none of the three worked.

From: 05/16/2004 00:00:20 Thru 05/16/2004 23:59:58
Log files: vir0516.log
Scanner 1 Virus names
VBS/[EMAIL PROTECTED] = 2
W32/[EMAIL PROTECTED] = 1
W32/[EMAIL PROTECTED] = 3
W32/[EMAIL PROTECTED] = 2
W32/[EMAIL PROTECTED] = 1
W32/[EMAIL PROTECTED] = 1
W32/[EMAIL PROTECTED] = 19
W32/[EMAIL PROTECTED] = 48
W32/[EMAIL PROTECTED] = 10
W32/[EMAIL PROTECTED] = 62
W32/[EMAIL PROTECTED] (corrupted) = 1
W32/[EMAIL PROTECTED] = 11
W32/[EMAIL PROTECTED] = 26
Scanner 1 Days
05/16/2004 = 187
Scanner 2 Virus names
Exploit-MhtRedir.gen trojan !!! = 1
Exploit-ObjectData trojan !!! = 8
W32/[EMAIL PROTECTED] = 1
W32/[EMAIL PROTECTED] = 2
W32/[EMAIL PROTECTED] = 3
W32/[EMAIL PROTECTED] = 2
W32/[EMAIL PROTECTED] = 1
W32/Mydoom.f!zip = 1
W32/[EMAIL PROTECTED] = 8
W32/[EMAIL PROTECTED] = 9
W32/[EMAIL PROTECTED] = 47
W32/[EMAIL PROTECTED] = 10
W32/[EMAIL PROTECTED] = 48
W32/[EMAIL PROTECTED] = 15
W32/Netsky.q.dam = 3
W32/[EMAIL PROTECTED] = 7
W32/[EMAIL PROTECTED] = 1
W32/[EMAIL PROTECTED] = 26
Scanner 2 Days
05/16/2004 = 193
Scanner 3 Virus names
Exploit.MhtRedir = 1
Trojan.Dropper.C = 1
Worm.Bagle.Gen-vbs = 2
Worm.Bagle.Z = 1
Worm.Dumaru.A = 3
Worm.Klez.H = 2
Worm.Mydoom.F = 1
Worm.SomeFool.Gen-1 = 65
Worm.SomeFool.I = 10
Worm.SomeFool.P = 63
Worm.SomeFool.Q = 11
Worm.SomeFool.Z = 26
Scanner 3 Days
05/16/2004 = 186
Scanner Comparison
Q030a0e560130e7ae = 2: the Exploit-ObjectData trojan !!! Attachment=
Q09d025bb01485ef4 = 1: W32/[EMAIL PROTECTED] Attachment= [0] I: W32/[EMAIL PROTECTED] Attachment=
Q2d16263a01142959 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q32b620500124216d = 2: the Exploit-ObjectData trojan !!! Attachment=
Q367d26760148e0eb = 2,3: the Exploit-MhtRedir.gen trojan !!! Attachment=
Q3b422806010a8200 = 1,3: W32/[EMAIL PROTECTED] Attachment=
Q6d391fe400c2af25 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q729625c2010aa3ee = 1: W32/[EMAIL PROTECTED] Attachment= [0] I: W32/[EMAIL PROTECTED] Attachment=
Q81061a8700f008d2 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q976d2b9300de8a7d = 2: the Exploit-ObjectData trojan !!! Attachment=
Qaf581bbd00f0f88d = 2: the Exploit-ObjectData trojan !!! Attachment=
Qbfe31cbb00f097d5 = 2: the Exploit-ObjectData trojan !!! Attachment=
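Added example, not part of the original message: a short Python script that turns the "Scanner Comparison" section and the three daily totals of the report above into a per-scanner miss count, which is the figure the quoted question asks for. It assumes that the digits before the colon name the scanners that flagged that queue ID and that only messages on which the scanners disagreed are listed; the function names are illustrative.

```python
import re
from collections import Counter

# "Scanner Comparison" lines copied from the report above (wrapped lines rejoined).
# Assumption: the digits before the colon are the scanners that flagged the
# message, and only messages on which the scanners disagreed are listed.
COMPARISON = """\
Q030a0e560130e7ae = 2: the Exploit-ObjectData trojan !!! Attachment=
Q09d025bb01485ef4 = 1: W32/[EMAIL PROTECTED] Attachment= [0] I: W32/[EMAIL PROTECTED] Attachment=
Q2d16263a01142959 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q32b620500124216d = 2: the Exploit-ObjectData trojan !!! Attachment=
Q367d26760148e0eb = 2,3: the Exploit-MhtRedir.gen trojan !!! Attachment=
Q3b422806010a8200 = 1,3: W32/[EMAIL PROTECTED] Attachment=
Q6d391fe400c2af25 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q729625c2010aa3ee = 1: W32/[EMAIL PROTECTED] Attachment= [0] I: W32/[EMAIL PROTECTED] Attachment=
Q81061a8700f008d2 = 2: the Exploit-ObjectData trojan !!! Attachment=
Q976d2b9300de8a7d = 2: the Exploit-ObjectData trojan !!! Attachment=
Qaf581bbd00f0f88d = 2: the Exploit-ObjectData trojan !!! Attachment=
Qbfe31cbb00f097d5 = 2: the Exploit-ObjectData trojan !!! Attachment=
"""
# Per-scanner daily totals from the "Scanner N Days" lines of the same report.
DAILY_TOTALS = {1: 187, 2: 193, 3: 186}

LINE_RE = re.compile(r"^(Q[0-9a-f]+) = ([\d,]+):")

def parse_comparison(text):
    """Return {queue_id: frozenset of scanner numbers that flagged it}."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits[m.group(1)] = frozenset(int(n) for n in m.group(2).split(","))
    return hits

def coverage(hits, totals):
    """Return (messages flagged by any scanner, {scanner: messages it missed})."""
    partial = Counter(s for scanners in hits.values() for s in scanners)
    # Messages every scanner caught = scanner total minus its listed catches;
    # the value must be identical for all scanners or the assumption is wrong.
    agreed = {totals[s] - partial[s] for s in totals}
    if len(agreed) != 1:
        raise ValueError(f"inconsistent report: {sorted(agreed)}")
    union = agreed.pop() + len(hits)
    return union, {s: union - totals[s] for s in totals}

if __name__ == "__main__":
    union, missed = coverage(parse_comparison(COMPARISON), DAILY_TOTALS)
    for s, n in sorted(missed.items()):
        print(f"scanner {s}: missed {n} of {union} ({n / union:.1%})")
```

The consistency check passes on this report (each scanner's total minus its listed catches gives the same count of messages flagged by all three), which supports the reading of the comparison lines assumed here.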