RE: [Declude.Virus] Internal Scanner missing most viruses

2009-06-04 Thread Andy Schmidt
Hi Serge:

 

http://www.invariantsystems.com/dlanalyzer/

 

EXTREMELY helpful in assessing the performance of certain spam tests, seeing
which users are being targeted by viruses, which IP addresses are the top
spammers and which ones are virus sources.

 

And, you can generate per person or per domain reports to show a company how
effectively you protect them.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Serge
Sent: Wednesday, June 03, 2009 6:42 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Internal Scanner missing most viruses

 

Hello Andy

How are these reports generated?

Is this something built into Declude? Or some add-on sw?


TIA

 

- Original Message - 

From: Andy Schmidt <mailto:andy_schm...@hm-software.com>

To: declude.virus@declude.com 

Sent: Wednesday, June 03, 2009 12:58 PM

Subject: RE: [Declude.Virus] Internal Scanner missing most viruses

 

Hi,

 

With the new build, AVG is finally working again and catching most of the
viruses:

 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,119
Virus Infected Messages: 159
Percentage Infected: 0.75%

VIRUS                     # INFECTED  PERCENTAGE
DOWNLOADER.GENERIC8.AQNV  132         0.63%
PAKES.DRC                 12          0.06%
WIN32/CRYPTOR             9           0.04%
I-WORM/NETSKY.X           4           0.02%
WIN32/VIRUT.A             2           0.01%



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,119
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS             # INFECTED  PERCENTAGE
TROJAN.ZBOT-3428  3           0.01%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,119
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

Hi,

 

For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails that ClamAV and the trusted McAfee are
identifying.

 

I inspected several of the held files - and each one clearly was a live
virus (e.g., inside a ZIP attachment etc.)

 



 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                             # INFECTED  PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2  2           0.01%
WORM.BAGLE-1                      1           0.00%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                 # INFECTED  PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!  22          0.10%
PWS-ZBOT TROJAN !!!                   7           0.03%



 

Best Regards,

Andy


---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com. 
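
The comparison made in this thread (three scanners over the same mail, one catching almost nothing), as an added example that is not part of the original messages or of Declude: per-message verdicts, constructed here, are reduced to each scanner's misses relative to what any scanner caught. The record layout, function names and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample verdicts: (message_id, scanner, detection name or None).
# Illustrative records only, not Declude or DLAnalyzer log output; the
# detection names are borrowed from the reports quoted in this thread.
VERDICTS = [
    ("m1", "AVG", None), ("m1", "ClamAV", None), ("m1", "McAfee", "PWS-ZBOT TROJAN !!!"),
    ("m2", "AVG", None), ("m2", "ClamAV", "WORM.BAGLE-1"), ("m2", "McAfee", "PWS-ZBOT TROJAN !!!"),
    ("m3", "AVG", None), ("m3", "ClamAV", "SUSPECT.DOUBLEEXTENSION-ZIPPWD-2"), ("m3", "McAfee", None),
    ("m4", "AVG", None), ("m4", "ClamAV", None), ("m4", "McAfee", "PWS-ZBOT TROJAN !!!"),
    ("m5", "AVG", None), ("m5", "ClamAV", None), ("m5", "McAfee", None),  # clean message
]


def coverage_gaps(verdicts):
    """For each scanner: infected messages it caught, missed, and caught alone."""
    hits = defaultdict(set)   # scanner -> ids of messages it flagged
    scanners = set()
    for msg_id, scanner, detection in verdicts:
        scanners.add(scanner)
        if detection:
            hits[scanner].add(msg_id)
    # "Infected" means flagged by at least one scanner in the chain.
    infected = set().union(*(hits[s] for s in scanners))
    report = {}
    for s in sorted(scanners):
        others = set().union(*(hits[o] for o in scanners if o != s))
        missed = infected - hits[s]
        report[s] = {
            "caught": len(hits[s]),
            "missed": len(missed),
            "miss_rate": len(missed) / len(infected) if infected else 0.0,
            "sole_detector": len(hits[s] - others),
        }
    return report


def failing_scanners(report, max_miss_rate=0.5):
    """Scanners that missed more than max_miss_rate of the known-infected mail."""
    return [s for s, r in report.items() if r["miss_rate"] > max_miss_rate]


if __name__ == "__main__":
    gaps = coverage_gaps(VERDICTS)
    for name, row in gaps.items():
        print(name, row)
    print("investigate:", failing_scanners(gaps))
```

The "sole_detector" count shows how many infected messages would have passed if that scanner were removed from the chain.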



RE: [Declude.Virus] Internal Scanner missing most viruses

2009-06-03 Thread Andy Schmidt
Hi,

 

With the new build, AVG is finally working again and catching most of the
viruses:

 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,119
Virus Infected Messages: 159
Percentage Infected: 0.75%

VIRUS                     # INFECTED  PERCENTAGE
DOWNLOADER.GENERIC8.AQNV  132         0.63%
PAKES.DRC                 12          0.06%
WIN32/CRYPTOR             9           0.04%
I-WORM/NETSKY.X           4           0.02%
WIN32/VIRUT.A             2           0.01%



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,119
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS             # INFECTED  PERCENTAGE
TROJAN.ZBOT-3428  3           0.01%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,119
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

Hi,

 

For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails that ClamAV and the trusted McAfee are
identifying.

 

I inspected several of the held files - and each one clearly was a live
virus (e.g., inside a ZIP attachment etc.)

 



 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                             # INFECTED  PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2  2           0.01%
WORM.BAGLE-1                      1           0.00%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                 # INFECTED  PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!  22          0.10%
PWS-ZBOT TROJAN !!!                   7           0.03%



 

Best Regards,

Andy



RE: [Declude.Virus] Internal Scanner missing most viruses

2009-05-15 Thread Andy Schmidt
Hi Andrew:

 

>> scanner being the main line of defense is dead . . . it's just that most
people don't know it yet<<

 

Well - today there were 80 or so infected emails that would have gone
through. While AV scanning may not be the "main line", it certainly is still
a crucial element. Just ONE email raises the chance that some uninformed end
user and one of our customers could get their entire network taken over and
could cost man-days to rebuild systems that were infected by root-kits.

 

Look at last night's statistics - the "bad guys" certainly knew "how to
beat" AVG. But my other two scanners are NOT beaten - and that's my daily
experience. So there is a pattern here that just can't be ignored!

 

My thinking is - ClamAV and McAfee are being updated many times daily
(because I control the updating process) - so any new virus variants are
caught quickly.  I have no control over how often AVG is being updated?  If
they are only updated daily, then (in today's times) that renders AVG
worthless. What's even more disconcerting is the fact that some of these
missed virus names appear for days at a time - so even AFTER a daily update,
AVG is missing those.

 

I'm not impressed by whatever "comparisons" were taken a year or more ago.
Version numbers mean very little. The key is the date/timestamp of the
signature file.  You can get any comparison result you want, if you don't
use the most current hourly signature files for each product.

 

I have no hidden agenda - but I can tell you that in all the years that I've
been watching this, AVG has easily been outperformed by the other two
scanners I use, at least for the mix of viruses that MY many hundreds of end
users are targeted with.

 

 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 22,303
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 22,303
Virus Infected Messages: 154
Percentage Infected: 0.69%

VIRUS                             # INFECTED  PERCENTAGE
EMAIL.TROJAN-99                   88          0.39%
HTML.PHISHING.BANK-218            28          0.13%
EMAIL.TROJAN-98                   12          0.05%
EMAIL.PHISHING.BANK-101           8           0.04%
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2  8           0.04%
WORM.BAGLE-1                      7           0.03%
WORM.BAGLE-ZIPPWD-24              2           0.01%
HTML.PHISHING.BANK-1127           1           0.00%



 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck,
Andrew
Sent: Thursday, May 14, 2009 7:19 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

http://www.processor.com/editorial/article.asp?article=articles/P3110/25p10/25p10.asp

 

"The day of the [AV] scanner being the main line of defense is dead . . .
it's just that most people don't know it yet," says AVG's Thompson. Last
year alone, AVG added more than 650,000 signatures to its antivirus engine.
"There are 20,000 to 30,000 unique binary samples every day. The bad guys
know how to beat a scanner."

 

Interesting and timely commentary.

 

For what it's worth, I find the blocking options in Declude Virus to be as
useful as the actual scanner, but I don't have the hard numbers to back up
that statement.

 

I do have to depend on the scanners when the bad guys use malware PDFs or
other documents. In general, the bad guys have taught email users to be
surprised if they can send a program or even a script via email.

 

 

Andrew.

 

 

 

 


From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, May 13, 2009 11:44 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Andy,

 

The process of virus signatures being made available is an automated process;
this issue was already resolved in January, as I said it would be. As soon as
virus definitions are available from AVG they become available to Declude
users. As you can see with the data that we have provided regarding AVG, the
signature file date matches yours, which is 5/13/2009. The bottom line is
AVG did not detect this specific virus.

 

Here is some data from tests done last year with regard to different AV
scanners and their accuracy; again, this data is about 1 year old but it can
give you a good idea. Another option is to consider using our offering of
Commtouch, which has the ZEROHOUR
(http://www.commtouch.com/zero-hour-virus-outbreak-protection-sdk) protection
against new viruses.

 

Rank 

1. G DATA 2008 version 18.2.7310.844 - 99.05% 

2. F-Secure 2008 version 8.00.103 - 98.75% 

3. TrustPort version 2.8.0.1835 - 98.06% 

4. Kaspersky version 8.0.0.357 - 97.95% 

5. eScan version 9.0.742.1 - 97.44% 

6. The Shield 2008 - 97.43% 

7. AntiVir version 8.1.00.331 Premium - 97.13% 

8. 

Re: [Declude.Virus] Internal Scanner missing most viruses

2009-05-13 Thread David Dodell

G DATA


Never heard of this G DATA that was at the top of the list ... anyone  
familiar if they offer a command line scanner that will work with  
Declude?


David






RE: [Declude.Virus] Internal Scanner missing most viruses

2009-05-13 Thread Andy Schmidt
Hi Dave,

 

No problem. 5 viruses have been sent to your Support email address - each of
which was detected by either ClamAV, the secondary scanner, or if ClamAV
missed it, then at least McAfee the "last resort" scanner.

 

Best Regards,

Andy

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, May 13, 2009 12:27 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

Hi Andy,

 

If you are having issues please submit a support ticket supp...@declude.com
with any appropriate information so we can look into this for you. 

 

Thanks

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

Hi,

 

For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails that ClamAV and the trusted McAfee are
identifying.

 

I inspected several of the held files - and each one clearly was a live
virus (e.g., inside a ZIP attachment etc.)

 



 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                             # INFECTED  PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2  2           0.01%
WORM.BAGLE-1                      1           0.00%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                 # INFECTED  PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!  22          0.10%
PWS-ZBOT TROJAN !!!                   7           0.03%



 

Best Regards,

Andy



RE: [Declude.Virus] Internal Scanner missing most viruses

2009-05-13 Thread David Barker
Hi Andy,

 

If you are having issues please submit a support ticket supp...@declude.com
with any appropriate information so we can look into this for you. 

 

Thanks

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
  dbar...@declude.com

 

 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy
Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

Hi,

 

For a while, AVG was doing an adequate job - but recently it again has been
missing virtually all infected emails that ClamAV and the trusted McAfee are
identifying.

 

I inspected several of the held files - and each one clearly was a live
virus (e.g., inside a ZIP attachment etc.)

 



 


Virus Scanner Summary Report (Integrated AVG Scanner)

Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS  # INFECTED  PERCENTAGE
No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)

Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                             # INFECTED  PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2  2           0.01%
WORM.BAGLE-1                      1           0.00%



 


Virus Scanner Summary Report (McAfee VirusScan)

Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                 # INFECTED  PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!  22          0.10%
PWS-ZBOT TROJAN !!!                   7           0.03%



 

Best Regards,

Andy

