RE: [Declude.Virus] Internal Scanner missing most viruses
Hi Serge:

http://www.invariantsystems.com/dlanalyzer/

EXTREMELY helpful in assessing the performance of certain spam tests, seeing which users are being targeted by viruses, which IP addresses are the top spammers and which ones are virus sources. And, you can generate per person or per domain reports to show a company how effectively you protect them.

Best Regards,
Andy

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Serge
Sent: Wednesday, June 03, 2009 6:42 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Internal Scanner missing most viruses

Hello Andy

how are these reports generated? is this something built into declude? or some add on sw?

TIA

----- Original Message -----
From: Andy Schmidt mailto:andy_schm...@hm-software.com
To: declude.virus@declude.com
Sent: Wednesday, June 03, 2009 12:58 PM
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses

Hi,

With the new build, AVG is finally working again and catching most of the viruses:

Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 21,119
Virus Infected Messages: 159
Percentage Infected: 0.75%

VIRUS                       # INFECTED   PERCENTAGE
DOWNLOADER.GENERIC8.AQNV    132          0.63%
PAKES.DRC                   12           0.06%
WIN32/CRYPTOR               9            0.04%
I-WORM/NETSKY.X             4            0.02%
WIN32/VIRUT.A               2            0.01%

Virus Scanner Summary Report (ClamAV)
Total Messages Processed: 21,119
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                       # INFECTED   PERCENTAGE
TROJAN.ZBOT-3428            3            0.01%

Virus Scanner Summary Report (McAfee VirusScan)
Total Messages Processed: 21,119
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS                       # INFECTED   PERCENTAGE
No Records Matched Your Criteria

Best Regards,
Andy

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Hi,

For a while, AVG was doing an adequate job - but recently it again has been missing virtually all infected emails that ClamAV and the trusted McAfee are identifying. I inspected several of the held files - and each one clearly was a live virus (e.g., inside a ZIP attachment etc.)

Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS                                  # INFECTED   PERCENTAGE
No Records Matched Your Criteria

Virus Scanner Summary Report (ClamAV)
Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                                  # INFECTED   PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2       2            0.01%
WORM.BAGLE-1                           1            0.00%

Virus Scanner Summary Report (McAfee VirusScan)
Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                  # INFECTED   PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!   22           0.10%
PWS-ZBOT TROJAN !!!                    7            0.03%

Best Regards,
Andy

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.Virus. The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Internal Scanner missing most viruses
Hi Andrew:

scanner being the main line of defense is dead . . . it's just that most people don't know it yet

Well - today there were 80 or so infected emails that would have gone through. While AV scanning may not be the main line, it certainly is still a crucial element. Just ONE email raises the chance that some uninformed end user and one of our customers could get their entire network taken over and could cost man-days to rebuild systems that were infected by root-kits.

Look at last night's statistics - the bad guys certainly knew how to beat AVG. But my other two scanners are NOT beaten - and that's my daily experience. So there is a pattern here that just can't be ignored!

My thinking is - ClamAV and McAfee are being updated many times daily (because I control the updating process) - so any new virus variants are caught quickly. I have no control over how often AVG is being updated? If they are only updated daily, then (in today's times) that renders AVG worthless. What's even more disconcerting is the fact that some of these missed virus names appear for days at a time - so even AFTER a daily update, AVG is missing those.

I'm not impressed by whatever comparisons were taken a year or more ago. Version numbers mean very little. The key is the date/timestamp of the signature file. You can get any comparison result you want, if you don't use the most current hourly signature files for each product.

I have no hidden agenda - but I can tell you that in all the years that I've been watching this, AVG has easily been outperformed by the other two scanners I use, at least for the mix of viruses that MY many hundreds of end users are targeted with.

Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 22,303
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS                              # INFECTED   PERCENTAGE
No Records Matched Your Criteria

Virus Scanner Summary Report (ClamAV)
Total Messages Processed: 22,303
Virus Infected Messages: 154
Percentage Infected: 0.69%

VIRUS                              # INFECTED   PERCENTAGE
EMAIL.TROJAN-99                    88           0.39%
HTML.PHISHING.BANK-218             28           0.13%
EMAIL.TROJAN-98                    12           0.05%
EMAIL.PHISHING.BANK-101            8            0.04%
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2   8            0.04%
WORM.BAGLE-1                       7            0.03%
WORM.BAGLE-ZIPPWD-24               2            0.01%
HTML.PHISHING.BANK-1127            1            0.00%

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew
Sent: Thursday, May 14, 2009 7:19 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

http://www.processor.com/editorial/article.asp?article=articles/P3110/25p10/25p10.asp

The day of the [AV] scanner being the main line of defense is dead . . . it's just that most people don't know it yet, says AVG's Thompson. Last year alone, AVG added more than 650,000 signatures to its antivirus engine. There are 20,000 to 30,000 unique binary samples every day. The bad guys know how to beat a scanner.

Interesting and timely commentary.

For what it's worth, I find the blocking options in Declude Virus to be as useful as the actual scanner, but I don't have the hard numbers to back up that statement. I do have to depend on the scanners when the bad guys use malware PDFs or other documents. In general, the bad guys have taught email users to be surprised if they can send a program or even a script via email.

Andrew.

_____

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker
Sent: Wednesday, May 13, 2009 11:44 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Andy,

The process of virus signatures being made available is an automated process; this issue was already resolved in January as I said it would be. As soon as virus definitions are available from AVG they become available to Declude users. As you can see with the data that we have provided regarding AVG, the signature file date matches yours, which is 5/13/2009. The bottom line is AVG did not detect this specific virus.

Here is some data from tests done last year with regard to different AV scanners and their accuracy; again, this data is about 1 year old but it can give you a good idea. Another option is to consider using our offering of Commtouch, which has the ZEROHOUR (http://www.commtouch.com/zero-hour-virus-outbreak-protection-sdk) protection against new viruses.

Rank
1. G DATA 2008 version 18.2.7310.844 - 99.05%
2. F-Secure 2008 version 8.00.103 - 98.75%
3. TrustPort version 2.8.0.1835 - 98.06%
4. Kaspersky version 8.0.0.357 - 97.95%
5. eScan version 9.0.742.1 - 97.44%
6. The Shield 2008 - 97.43%
7. AntiVir version 8.1.00.331 Premium - 97.13%
8. Ashampoo version 1.61 - 97.09%
9. Ikarus version 1.0.82 - 96.05%
10. AntiVir version 8.1.00.295 Classic - 95.54%
11. AVG version 8.0.100 Free - 94.85%
12
RE: [Declude.Virus] Internal Scanner missing most viruses
Hi Andy,

If you are having issues please submit a support ticket supp...@declude.com with any appropriate information so we can look into this for you.

Thanks

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Hi,

For a while, AVG was doing an adequate job - but recently it again has been missing virtually all infected emails that ClamAV and the trusted McAfee are identifying. I inspected several of the held files - and each one clearly was a live virus (e.g., inside a ZIP attachment etc.)

Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS                                  # INFECTED   PERCENTAGE
No Records Matched Your Criteria

Virus Scanner Summary Report (ClamAV)
Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                                  # INFECTED   PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2       2            0.01%
WORM.BAGLE-1                           1            0.00%

Virus Scanner Summary Report (McAfee VirusScan)
Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                  # INFECTED   PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!   22           0.10%
PWS-ZBOT TROJAN !!!                    7            0.03%

Best Regards,
Andy
RE: [Declude.Virus] Internal Scanner missing most viruses
Hi Dave,

No problem. 5 viruses have been sent to your Support email address - each of which was detected by either ClamAV, the secondary scanner, or if ClamAV missed it, then at least McAfee the last resort scanner.

Best Regards,
Andy

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker
Sent: Wednesday, May 13, 2009 12:27 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Hi Andy,

If you are having issues please submit a support ticket supp...@declude.com with any appropriate information so we can look into this for you.

Thanks

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Wednesday, May 13, 2009 11:45 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Hi,

For a while, AVG was doing an adequate job - but recently it again has been missing virtually all infected emails that ClamAV and the trusted McAfee are identifying. I inspected several of the held files - and each one clearly was a live virus (e.g., inside a ZIP attachment etc.)

Virus Scanner Summary Report (Integrated AVG Scanner)
Total Messages Processed: 21,157
Virus Infected Messages: 0
Percentage Infected: 0.00%

VIRUS                                  # INFECTED   PERCENTAGE
No Records Matched Your Criteria

Virus Scanner Summary Report (ClamAV)
Total Messages Processed: 21,157
Virus Infected Messages: 3
Percentage Infected: 0.01%

VIRUS                                  # INFECTED   PERCENTAGE
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2       2            0.01%
WORM.BAGLE-1                           1            0.00%

Virus Scanner Summary Report (McAfee VirusScan)
Total Messages Processed: 21,157
Virus Infected Messages: 29
Percentage Infected: 0.14%

VIRUS                                  # INFECTED   PERCENTAGE
TROJAN OR VARIANT NEW MALWARE.JJ !!!   22           0.10%
PWS-ZBOT TROJAN !!!                    7            0.03%

Best Regards,
Andy
Re: [Declude.Virus] Internal Scanner missing most viruses
G DATA

Never heard of this G DATA that was at the top of the list ... anyone familiar if they offer a command line scanner that will work with Declude?

David