Re: [Declude.Virus] Second scanner
Hi David, Mcafee is one - the command line scanner is only $11 - if you can find a vendor to sell it to you. ClamAV is another choice and its free. I use it w/clamd. http://www.sosdg.org/clamav-win32/index.php I use all three.. -Nick David Dodell wrote: After many years of using Virus Standard, I upgraded to Virus Pro to take advantage of a second scanner. I've scanned the previous threads on what others like for a second scanner to F-Prot, but can't seem to find any common thread ... So I would appreciate what seems to be the next most popular virus scanner to run as a secondary scanner to F-Prot? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Second scanner
When I upgraded to the pro version, I added ClamAV for phishing attempts (be sure to use the PRESCAN OFF directive) and AVG. The implementation of ClamAV for windows I used can be found at, ClamAV http://www.sosdg.org/clamav-win32/index.php David Dodell wrote: After many years of using Virus Standard, I upgraded to Virus Pro to take advantage of a second scanner. I've scanned the previous threads on what others like for a second scanner to F-Prot, but can't seem to find any common thread ... So I would appreciate what seems to be the next most popular virus scanner to run as a secondary scanner to F-Prot? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by the University of Georgia SBDC Email System.] -- Richard Lanard Information Technology Support University of Georgia Business Outreach Services /SBDC 1180 East Broad Street - Chicopee Complex Athens, Ga 30602-5412 phone: (706) 542-6774 fax: (706) 542-6776 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by the University of Georgia SBDC Email System.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Second scanner
Second the motion on ClamAV. Being free and very good against phishing, I would definitely consider it. It can be a bit of a memory hog (just a spike), there is a persistent mode that helps that. John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Lanard Sent: Friday, November 04, 2005 7:27 AM To: Declude.Virus@declude.com Subject: Re: [Declude.Virus] Second scanner When I upgraded to the pro version, I added ClamAV for phishing attempts (be sure to use the PRESCAN OFF directive) and AVG. The implementation of ClamAV for windows I used can be found at, ClamAV http://www.sosdg.org/clamav-win32/index.php David Dodell wrote: After many years of using Virus Standard, I upgraded to Virus Pro to take advantage of a second scanner. I've scanned the previous threads on what others like for a second scanner to F-Prot, but can't seem to find any common thread ... So I would appreciate what seems to be the next most popular virus scanner to run as a secondary scanner to F-Prot? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by the University of Georgia SBDC Email System.] -- Richard Lanard Information Technology Support University of Georgia Business Outreach Services /SBDC 1180 East Broad Street - Chicopee Complex Athens, Ga 30602-5412 phone: (706) 542-6774 fax: (706) 542-6776 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by the University of Georgia SBDC Email System.] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Second scanner
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: 4. november 2005 07:22 To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I use AVG as the second scanner and am happy with the results. Me too... I have not tried the windows version of ClamAV - the cygwin version did not run well in my setup. Regards, Kaj --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Second scanner
I use Mcafee and it has been great they tend to be amoung the top for getting updates out quick. However, it is very resource intensive. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Declude Log Parsers. David Dodell writes: After many years of using Virus Standard, I upgraded to Virus Pro to take advantage of a second scanner. I've scanned the previous threads on what others like for a second scanner to F-Prot, but can't seem to find any common thread ... So I would appreciate what seems to be the next most popular virus scanner to run as a secondary scanner to F-Prot? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Second scanner
I run both, AVG as second, Clam as third (and F-Prot as first) -Original Message- From: Kaj Søndergaard Laursen [mailto:[EMAIL PROTECTED] Sent: Friday, November 04, 2005 2:51 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: 4. november 2005 07:22 To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I use AVG as the second scanner and am happy with the results. Me too... I have not tried the windows version of ClamAV - the cygwin version did not run well in my setup. Regards, Kaj --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Second scanner
This raises a question(s): Has anyone done any real testing of which AVs (in relation to Declude) perform the best, use the least resources, what is the best scanning order, and how many to use (how many is too many and what is the point of diminishing returns)? I realize something like this could drive you drink, but the idea of having the most effective (most hits for least resources used)AV as one, then second best next, etc. (along with EXITSCANONVIRUSDETECT ON) is appealing. John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hirthe, Alexander Sent: Friday, November 04, 2005 8:09 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I run both, AVG as second, Clam as third (and F-Prot as first) -Original Message- From: Kaj Søndergaard Laursen [mailto:[EMAIL PROTECTED] Sent: Friday, November 04, 2005 2:51 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: 4. november 2005 07:22 To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I use AVG as the second scanner and am happy with the results. Me too... I have not tried the windows version of ClamAV - the cygwin version did not run well in my setup. Regards, Kaj --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Second scanner
Oh, one quick follow up. AVG at some point after that test made some changes and ruined their results. This caused me to remove that scanner. I haven't revisited this testing since then so I am just assuming that AVG is slower than it showed there. Also, there was a follow up to that thread where Clam-AV in daemon mode was tested and found to be a very close second to F-Prot. Matt John Carter wrote: This raises a question(s): Has anyone done any real testing of which AVs (in relation to Declude) perform the best, use the least resources, what is the best scanning order, and how many to use (how many is too many and what is the point of diminishing returns)? I realize something like this could drive you drink, but the idea of having the most effective (most hits for least resources used)AV as one, then second best next, etc. (along with EXITSCANONVIRUSDETECT ON) is appealing. John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hirthe, Alexander Sent: Friday, November 04, 2005 8:09 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I run both, AVG as second, Clam as third (and F-Prot as first) -Original Message- From: Kaj Sndergaard Laursen [mailto:[EMAIL PROTECTED]] Sent: Friday, November 04, 2005 2:51 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists) Sent: 4. november 2005 07:22 To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I use AVG as the second scanner and am happy with the results. Me too... I have not tried the windows version of ClamAV - the cygwin version did not run well in my setup. Regards, Kaj --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Second scanner
I use F-Prot 1, McAfee 2, Clam 3 I use the Cygwin version of clam with runclamd and runclamscan. You'll find those at http://www.smartbusiness.net/imail/declude/ runclamd runs clam as a service. much faster. runclamscan returns a virus name to Declude Don't forget this is allowable: # # (2.0.6.16) This new directive, when added to the virus.cfg file, will cause Declude to stop calling # the remaining scanners after a virus has been detected. This directive has meaning only when there # is more than one scanner listed in the configuration file. The default behavior is for Declude to # call all scanners. # # EXITSCANONVIRUSDETECT ON As mentioned Prescan OFF will catch a majority of phishing attempts thought you will pay a performance penalty. # # Declude Virus Pro can pre-scan HTML files. If no dangerous code is detected, the # virus scanner will not get called. This can significantly cut down on CPU usage. # PRESCAN OFF - Original Message - From: David Dodell [EMAIL PROTECTED] To: declude.virus@declude.com Sent: Thursday, November 03, 2005 11:24 PM Subject: [Declude.Virus] Second scanner After many years of using Virus Standard, I upgraded to Virus Pro to take advantage of a second scanner. I've scanned the previous threads on what others like for a second scanner to F-Prot, but can't seem to find any common thread ... So I would appreciate what seems to be the next most popular virus scanner to run as a secondary scanner to F-Prot? David --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Second scanner
Thanks for info and link. I was searching the archives with little success. John From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Friday, November 04, 2005 9:09 AMTo: Declude.Virus@declude.comSubject: Re: [Declude.Virus] Second scanner I suppose that I might be obligated to answer this one.The short answer is that F-prot is the fastest, followed closely by Clam-AV in daemon mode, followed by McAfee followed by Clam-AV in non-daemon mode. EXITSCANONVIRUSDETECT ON shouldn't make much of a difference except for viruses that mail extraodinarily frequently as was the case a few times in the past, but viruses are such a small percentage of your overall mail volume that it shouldn't cause a noticeable change otherwise. I did test with PRESCAN OFF and found with two scanners, F-Prot and McAfee, that the CPU utilization went up by almost 50%, so this isn't recommended unless you have plenty of head room.For details of my tests on the scanners: http://www.mail-archive.com/declude.virus@declude.com/msg09001.htmlMattJohn Carter wrote: This raises a question(s): Has anyone done any real testing of which AVs (in relation to Declude) perform the best, use the least resources, what is the best scanning order, and how many to use (how many is too many and what is the point of diminishing returns)? I realize something like this could drive you drink, but the idea of having the most effective (most hits for least resources used)AV as one, then second best next, etc. (along with EXITSCANONVIRUSDETECT ON) is appealing. John C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hirthe, Alexander Sent: Friday, November 04, 2005 8:09 AM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I run both, AVG as second, Clam as third (and F-Prot as first) -Original Message- From: Kaj Søndergaard Laursen [mailto:[EMAIL PROTECTED]] Sent: Friday, November 04, 2005 2:51 PM To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists) Sent: 4. november 2005 07:22 To: Declude.Virus@declude.com Subject: RE: [Declude.Virus] Second scanner I use AVG as the second scanner and am happy with the results. Me too... I have not tried the windows version of ClamAV - the cygwin version did not run well in my setup. Regards, Kaj --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus".The archives can be found at http://www.mail-archive.com.
[Declude.Virus] OT: From Phisher to just a fish
A 20 year old man goes from abusing phish to being abused as a fish: http://www.wired.com/news/print/0,1294,69480,00.html Andrew 8) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
[Declude.Virus] F-Prot zip vulnerability reported
Ouch. F-Prot is very popular on this group. This vulnerability may never turn into an exploit, but it's better that we keep abreast of issues like this. F-Prot Antivirus Lets Remote Users Bypass the Scanning Engine with Specially Crafted ZIP Files http://isc.sans.org/diary.php?storyid=820 The article mentions several other security products that have had recent issues. I just made a trip to the f-prot website and don't see any update. Not much of a surprise given that they were notified only a week ago. Andrew 8) --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
