RE: [Declude.Virus] Which scanner?
Hi Dave,

Not at the moment but we can look at adding this request to our dev list.

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
Sent: Saturday, February 06, 2010 9:43 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] Which scanner?

In my email reports, is there a way to also signify which scanner caught the virus; ie internal vs one of the external scanners?

so my reports now look like;

Declude Virus v4.6.35 caught the following:

Virus Name: Sanesecurity.Junk.26145.UNOFFICIAL
Virus File: Unknown File
From: lyris-nore...@listhost.stat.com
To : junkm...@stat.com
Date: 06 Feb 2010 17:10:56
Subject:Re: You have spam
Spool File: D050a00d3693b.smd
RemoteIP: 65.163.175.26
SenderHost: listhost.stat.com

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
[Declude.Virus] Which scanner?
In my email reports, is there a way to also signify which scanner caught the virus; ie internal vs one of the external scanners?

so my reports now look like;

Declude Virus v4.6.35 caught the following:

Virus Name: Sanesecurity.Junk.26145.UNOFFICIAL
Virus File: Unknown File
From: lyris-nore...@listhost.stat.com
To : junkm...@stat.com
Date: 06 Feb 2010 17:10:56
Subject:Re: You have spam
Spool File: D050a00d3693b.smd
RemoteIP: 65.163.175.26
SenderHost: listhost.stat.com
RE: [Declude.Virus] Which Scanner is "BEST"
$200 Now I am really confused. Yes less than $200. I was thinking less than $100 (I know that is less than $200 b4 the comments start flying )

F-Prot is $50 for 10 Windows copies. What version of AVG is needed? With McAfee it seems you can use the $29 copies to get the Command line scanner and scheduler installed, no?? All this requires yearly updates as well.

Does the Symantec NAVC command line scanner work for anyone? It is Old as hell and does not work on W2K for me.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Thursday, March 11, 2004 12:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Which Scanner is "BEST"

DC..

The one most people use is F-Prot and a lot also use AVG

For less than $200 you can have both of them running using Declude Virus Pro version. Some people are now also experimenting with Clam which is free and it can be used as your 3rd scanner.

With the new features that Scott has added for banning password protected Zips and banned extensions inside zips you are pretty well covered. Use more than one scanner if you can afford it..

Regards,
Kami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
Sent: Thursday, March 11, 2004 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Which Scanner is "BEST"

Thanks

But I am interested in what is best with Declude.

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Thursday, March 11, 2004 12:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] Which Scanner is "BEST"

Here's a good article on that subject, and it references some research from AV-Test.org.

http://itmanagement.earthweb.com/columns/executive_tech/article.php/3316511

Key in that article is the average time to update for 4 viruses in February:

H:M    Anti-Virus Program
06:51  Kaspersky
08:21  Bitdefender
08:45  Virusbuster
09:08  F-Secure
09:16  F-Prot
09:16  RAV
09:24  AntiVir
10:31  Quickheal
10:52  InoculateIT-CA
11:30  Ikarus
12:00  AVG
12:17  Avast
12:22  Sophos
12:31  Dr. Web
13:06  Trend Micro
13:10  Norman
13:59  Command
14:04  Panda
17:16  Esafe
24:12  A2
26:11  McAfee
27:10  Symantec
29:45  InoculateIT-VET

Kaspersky seems to be doing a lot of things good these days. I'm not sure about how it works with Declude. F-Prot has had a series of glitches in the last 6 months, but together with file type blocking in Declude Virus (BANEXT), you should be pretty well protected.

Matt

Douglas Cohn wrote:

>I am new to Declude and have the standard Version. I understand that I
>can use only 1 AV scanner and I am torn between F-Prot and NOD32.
>
>I like F-prot because I understand they are quick at updates plus they
>allow you to schedule auto updates as often as you like.
>
>I like NOD32 because I have read many many posts claiming that they are
>simply the best at new sigs and their heuristics are supposedly
>excellent.
>
>But I want to do what experience has shown to be the best with Declude
>so I am posting here.
>
>Can I get some feedback on what Scanner is the overall best in
>conjunction with declude. Ease of use and maintenance is big with me
>as I have minimal time left to manage this.
>
>Thanks in advance.
>
>Doug
>
>---
>[This E-mail was scanned for viruses by Declude Virus
>(http://www.declude.com)]

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
RE: [Declude.Virus] Which Scanner is "BEST"
What is F-Protect?? Is that F-Prot???

I went to the F-secure website and they offer a command line scanner. Oddly enough it is Frisk software's F-Prot. What is up with that, anyone know?

DC

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, March 12, 2004 3:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Which Scanner is "BEST"

> http://www.pcwelt.de/news/viren_bugs/37827/2.html
>
> The above German link shows who is fastest on updates...
> found this via ClamAV which is rated 5th. AVG is first.
> F-Protect is ninth, but 17, 18, and 19 are Trend, McAfee, and
> Symantec. Interesting observations.
>
> ClamAV (free), AVG, and F-Protect are the most reasonably priced or
> free and work great with Declude.

There is also another page showing the same table for MyDoom

http://www.pcwelt.de/news/viren_bugs/37278/4.html

Looks like the response times change significantly and only an average value for multiple newly discovered viruses is useful. So the table Matt posted is more telling, but I can't understand the >24 hours for Symantec and McAfee. Keep in mind, this is an average value!

Markus
Re: [Declude.Virus] Which Scanner is "BEST"
My experience with McAfee.

It then calculates the time between each virus being first spotted somewhere in the world by the MessageLabs consulting group and the time when each anti-virus service has a working fix available to the public (not counting beta versions available only to testers).

The Extra.dat files are Not Beta and are available to the public, but are not counted.

The Daily DATs are Beta, so are excluded by choice. They are available to the public, not just testers only.

These versions are always available Very fast. (usually by the time I see copies arriving) While these are handy for those of us who keep watch (over companies and mail servers), they are normally installed manually. Automated installs are usually just for the regular DATs.

When a virus is found in large numbers in the wild, it is given a Medium or High risk. Then McAfee will break their weekly update cycle and release the DAT file ASAP. I do feel they have been too slow on a couple of the recent viruses to raise it to Medium. (but that's 3 or 4 out of the 30+ recent wild pests).

If the virus has been around for a while, then goes Medium, the DATs are released in a couple of hours. If the virus goes straight to Medium (spammed release), then it's normally 4 to 6 hours from outbreak (arriving in my mail boxes) to regular DAT release.

For the last year or 2 McAfee has discussed doing fully tested Regular DATs (daily or at least several times per week). I'm guessing that when the dust settles from the current wave of viruses, they will be changing their cycle.

Greg Little

---
[This E-mail scanned for viruses by Findlay Internet]
RE: [Declude.Virus] Which Scanner is "BEST"
Hi,

The problem (as with this German article) is, that most people are judging the McAfee response time by the availability of a virus specific "EXTRA.DAT". In many cases, that file is only published after the threat level warrants it.

People need to get the DAILY.DAT. They are updated several times DAILY and in my personal observation (by comparing messages posted on this forum against the time when I found the virus in my logs), new viruses are detected as quickly if not faster than most competitors.

Best Regards
Andy Schmidt

H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, March 12, 2004 03:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] Which Scanner is "BEST"

> http://www.pcwelt.de/news/viren_bugs/37827/2.html
>
> The above German link shows who is fastest on updates...
> found this via ClamAV which is rated 5th. AVG is first.
> F-Protect is ninth, but 17, 18, and 19 are Trend, McAfee, and
> Symantec. Interesting observations.
Re: [Declude.Virus] Which scanner caught it??
Duh. I see now. Interesting - in this one (below) Scanner 1 (F-Prot) reported Lentin and Scanner 2 (McAfee) says Yaha. I see what you mean now about no advantage of order of scanner. I was kinda wondering if scanner 1 found something, whether it invoked the second scanner or just went ahead and handled the virus processing. Would that speed things up any (skipping #2 if #1 found a virus)?

There would be a very slight increase in processing speed. However, since all legitimate E-mails are scanned twice, scanning an E-mail with a virus twice doesn't add any unexpected load.

-Scott
Re: [Declude.Virus] Which scanner caught it??
Duh. I see now. Interesting - in this one (below) Scanner 1 (F-Prot) reported Lentin and Scanner 2 (McAfee) says Yaha. I see what you mean now about no advantage of order of scanner. I was kinda wondering if scanner 1 found something, whether it invoked the second scanner or just went ahead and handled the virus processing. Would that speed things up any (skipping #2 if #1 found a virus)?

TGIF & Thanks,
John

12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanned: CONTAINS A VIRUS [Prescan OK][MIME: 2 29617]
12/06/2002 11:11:04 Qda0e4a6301ee7871 From: [EMAIL PROTECTED] To: ***@jcjc.edu
12/06/2002 11:11:04 Qda0e4a6301ee7871 Subject: Fw: Wonderfool stuff to ur friends

R. Scott Perry wrote:

When we are running two scanners, is there a way to know which one caught a particular virus? And if knowing that one caught more than the other, would there be an advantage of placing it first in the sequence?

If you use LOGLEVEL MID, you'll see in the logs which scanner detected the virus.

The order in which they are run shouldn't matter, as far as Declude Virus is concerned -- just so long as one or both catch the virus, the E-mail will be quarantined.

-Scott
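
The "Scanner N:" lines in the log excerpt above can be tallied to see which scanner flagged which message and where the two disagree on the name. This is an added example, not part of the original messages and not Declude's own tooling; the line layout is assumed from the excerpt alone, the last sample line is constructed, and the name-extraction pattern is a heuristic.

```python
import re
from collections import Counter, defaultdict

# First four lines are copied from the excerpt above; the fifth is constructed.
SAMPLE_LOG = """\
12/06/2002 11:11:03 Qda0e4a6301ee7871 Outlook 'MIME Header' Vulnerability: type=audio/x-wav, name=friendscr.scr.
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 1: Virus=: W32/Lentin.F@mm Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=friendscr.scr [1] I
12/06/2002 11:11:04 Qda0e4a6301ee7871 File(s) are INFECTED [13]
12/06/2002 11:11:05 Qconstructed0000001 Scanner 2: Virus= the W32/Yaha.g@MM virus !!! Attachment=sample.pif [1] I
"""

# Assumed layout: date, time, spool id, then "Scanner N: Virus=<free text> Attachment=<file>".
SCANNER_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} (?P<spool>\S+) "
    r"Scanner (?P<scanner>\d+): Virus=(?P<raw>.*?) Attachment=(?P<file>\S+)")
# Heuristic (assumption): a vendor name looks like PLATFORM/Name, e.g. W32/Foo.A@mm.
NAME_RE = re.compile(r"[A-Za-z0-9]+/[\w.@-]+")

def virus_name(raw):
    """Pull the name out of the scanner's free-text output; fall back to the raw text."""
    m = NAME_RE.search(raw)
    return m.group(0) if m else raw.strip(" :!")

def parse_detections(log_text):
    """Return {spool_id: {scanner_number: virus_name}} for every Scanner line."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        m = SCANNER_RE.match(line)
        if m:
            hits[m["spool"]][int(m["scanner"])] = virus_name(m["raw"])
    return dict(hits)

def summarize(hits):
    """Count detections per scanner and map messages flagged by a single scanner."""
    per_scanner = Counter(n for found in hits.values() for n in found)
    sole = {spool: next(iter(found)) for spool, found in hits.items() if len(found) == 1}
    return dict(per_scanner), sole

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    counts, sole = summarize(hits)
    for spool, found in hits.items():
        print(spool, found)
    print("detections per scanner:", counts)
    print("flagged by one scanner only:", sole)
```

A spool ID that appears under only one scanner number is a message the other scanner logged no detection for, which is the per-scanner comparison asked about in the thread.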
Re: [Declude.Virus] Which scanner caught it??
When we are running two scanners, is there a way to know which one caught a particular virus? And if knowing that one caught more than the other, would there be an advantage of placing it first in the sequence?

If you use LOGLEVEL MID, you'll see in the logs which scanner detected the virus.

The order in which they are run shouldn't matter, as far as Declude Virus is concerned -- just so long as one or both catch the virus, the E-mail will be quarantined.

-Scott