RE: [Declude.Virus] Force AVG update
So here is how it works. AVG releases a virus signature update on average once per day. By default Declude will check with the AVG definitions server once per 24-hour period or at every start of the Decludeproc service. As the time of this check is different for everyone, we give Declude the ability to do checks on a more regular basis, which is defined in the Declude.cfg:

#Ability to configure the built-in AVG update interval which checks for updates. Minimum is 1 hour.
AVGUPDATEFREQHRS12

Then, at the end of the day we parse the logs and associate the information with our website. So the information on the website from your HOST record as to whether your virus signatures are updated can in fact be at the most 48 hours difference.

The best way to check the virus signature date is to get the time/date on the files in the \declude\scanners\avg\db directory; at least one of the files should be today's or yesterday's date. As the virus signature files are incremental, they are distributed to the other files so as to provide the most efficient file size for download.

Secondly, if you are running Commtouch: this is a Zero-Hour virus scanner that is able to detect viruses without definitions and is real-time. You can read more about it here: http://commtouch.com/Site/products/zero_hour.asp

To get stats on AV accuracy compared to other scanners you can visit here: http://commtouch.com/Site/ResearchLab/VirusLab/virusLab_docs.asp

Declude supports up to 5 additional external scanners. Declude has the key functionality to enable the use of an external scanner as an email server scanner. You are mistaken if you think you can use a regular network virus scanner as your email scanner; there is a reason your AV vendors have a separate product for mail servers and average $3-5 per user. So if you have 1000 users the cost is $3000.

Here are some thoughts on why using Declude is better than your traditional virus scanners when it comes to email:

1. There are a number of mailserver anti-virus solutions available today. However, many of them involve an unnecessary SMTP server chain. This means that E-mail comes in to one SMTP server, is scanned for viruses, and then goes to another SMTP server which processes the mail in the usual fashion. Most mail server virus scanners have no way of authenticating users. If you have an SMTP-based virus scanner, you can have users authenticate against the real mail server. However, by doing this, the E-mail bypasses the virus scanner. If you allow that, you are allowing viruses through your server. With Declude, we scan every message.

2. The decoder, the piece that Declude handles, requires (among other things) handling numerous encoding schemes, recursive MIME segments, and even viewable non-text MIME segments (such as HTML, that needs to be scanned, even though it isn't an attachment). MIME is very complex, and even leading mail server manufacturers often have trouble handling MIME segments properly. We know MIME and encoding schemes inside and out; Declude can handle the most sophisticated MIME segments.

3. A vulnerability is a security flaw in a program. You may have heard about some of the more common mail client vulnerabilities, such as the Outlook MIME Headers vulnerability (where a virus can be run automatically with certain versions of Outlook). While these are bad, a standard mailserver virus scanner will catch viruses that exploit these vulnerabilities. However, there is another serious type of vulnerability that has recently been discovered: mail server vulnerabilities that allow viruses to bypass mailserver virus scanners! For example, the Outlook 'MIME segment in MIME preamble' vulnerability causes Outlook to see viruses that don't actually exist in an E-mail. In this case, a mail client (or mailserver virus scanner) that properly decodes the E-mail will not see an attachment. However, Outlook will incorrectly see an attachment. When a virus uses this type of vulnerability, it will bypass a standard mailserver virus scanner, and get delivered to the recipient! That's why you should use Declude Virus: it detects these vulnerabilities. Since it detects them, Declude Virus will be able to catch new viruses that use the vulnerabilities, where standard mailserver virus scanners won't be able to catch them. You can read more about vulnerabilities here: http://www.declude.com/articles.asp?id=219

At the end of the day it is about value and $$. I am still confident that with Declude we still offer the best value for the least $$.

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Saturday, December 27, 2008 3:08 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Force AVG update

Well, most scanners will require much more expensive licenses, e.g., a license per
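
The file-date check described in the message above, written as a scheduled check (an added example, not part of the original post and not Declude's own tooling). The drive letter in `$DbPath`, the function name `Get-AvgSignatureFreshness` and the status strings are assumptions; the rule that the newest file should carry today's or yesterday's date is the one the message gives.

```powershell
# Added example (not Declude's code): report how current the AVG signature files are.
function Get-AvgSignatureFreshness {
    param(
        [string]$DbPath = 'C:\declude\scanners\avg\db',  # drive letter is an assumption
        [int]$MaxAgeDays = 1,                             # 1 = today's or yesterday's date
        [datetime]$Now = (Get-Date)
    )

    $result = [ordered]@{
        Path = $DbPath; Status = 'UNKNOWN'; FileCount = 0
        NewestFile = $null; NewestWrite = $null; OldestWrite = $null; AgeDays = $null
    }

    # A missing or empty directory is reported as its own state, not as "stale".
    if (-not (Test-Path -LiteralPath $DbPath -PathType Container)) {
        $result.Status = 'MISSING_DIR'
        return [pscustomobject]$result
    }
    $files = @(Get-ChildItem -LiteralPath $DbPath -File | Sort-Object LastWriteTime)
    if ($files.Count -eq 0) {
        $result.Status = 'EMPTY_DIR'
        return [pscustomobject]$result
    }

    # Updates are incremental, so file dates are spread out; only the newest
    # file says when the last update landed.
    $newest = $files[-1]
    $result.FileCount   = $files.Count
    $result.NewestFile  = $newest.Name
    $result.NewestWrite = $newest.LastWriteTime
    $result.OldestWrite = $files[0].LastWriteTime

    # Compare calendar dates rather than elapsed hours.
    $result.AgeDays = ($Now.Date - $newest.LastWriteTime.Date).Days
    $result.Status  = if ($result.AgeDays -le $MaxAgeDays) { 'CURRENT' } else { 'STALE' }
    return [pscustomobject]$result
}

# Run from a scheduled task; a non-zero exit code marks anything but CURRENT.
$check = Get-AvgSignatureFreshness
$check | Format-List
if ($check.Status -ne 'CURRENT') { exit 1 }
```

For the listing that opened this thread (file dates from 12/17 to 12/23, checked on 12/27), the function returns `STALE` with `AgeDays` of 4.
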
RE: [Declude.Virus] Force AVG update
Hi,

The general experience has been (as reported by several individuals in two different lists over the past 3 months) that the Declude AVG updates are frequently 48 hours behind - which means they are only effective for old viruses. I even posted the stats for several days where it showed that every few days new viruses were being caught by my secondary scanner (McAfee), which truly does have hourly updates - and would have been passed through to my desktops if I had relied on Declude's AVG scanner.

I have the feeling that changing your poll time from 4 hours to 2 will only mean that you'll be finding out twice as often that they have a 2-day old update.

I'm curious what the answer is - but somewhere in the back of my head I think I had previously read that Declude will occasionally get updates from AVG which in turn you get from them. If my recollection/understanding is accurate, then the real frequency is controlled by Declude's server, not yours.

Best Regards,
Andy

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
Sent: Saturday, December 27, 2008 10:00 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Force AVG update

Any way to force Declude to update the AVG files ... my dates run from 12/17 to 12/23 ... are these really current dates?

David

(I have my update frequency set at every 2 hrs)

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Force AVG update
On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote:

Hi, The general experience has been (as reported by several individuals in two different lists over the past 3 months) that the Declude AVG updates are frequently 48 hours behind - which means they are only effective for old viruses. I even posted the stats for several days where it showed that every few days new viruses were being caught by my secondary scanner (McAfee), which truly does have hourly updates - and would have been passed through to my desktops if I had relied on Declude's AVG scanner.

Then I guess, is it worth it for me to renew my Declude support ... things run pretty much very smoothly now, the spam tests are all external engines, and was only keeping Declude updated to get the AVG updates ... with budget cuts, maybe I should be investing in a secondary scanner versus a Declude contract?

What can I get for the same pricing, $395 or less, since this is all we have budgeted.

David
RE: [Declude.Virus] Force AVG update
The updates are currently 4 days behind...

I believe that fetching and approving the updates from AVG, then publishing them on the Declude server is a manual process that Declude support staff must perform, and that it's not a reliable process.

I think it best that we consider the AVG scanner to be ok at best and if we want very good we need to invest the money and CPU time in at least one other scanner engine.

Andrew.

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt
Sent: Saturday, December 27, 2008 9:00 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Force AVG update

Hi,

The general experience has been (as reported by several individuals in two different lists over the past 3 months) that the Declude AVG updates are frequently 48 hours behind - which means they are only effective for old viruses. I even posted the stats for several days where it showed that every few days new viruses were being caught by my secondary scanner (McAfee), which truly does have hourly updates - and would have been passed through to my desktops if I had relied on Declude's AVG scanner.

I have the feeling that changing your poll time from 4 hours to 2 will only mean that you'll be finding out twice as often that they have a 2-day old update.

I'm curious what the answer is - but somewhere in the back of my head I think I had previously read that Declude will occasionally get updates from AVG which in turn you get from them. If my recollection/understanding is accurate, then the real frequency is controlled by Declude's server, not yours.

Best Regards,
Andy

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
Sent: Saturday, December 27, 2008 10:00 AM
To: declude.virus@declude.com
Subject: [Declude.Virus] Force AVG update

Any way to force Declude to update the AVG files ... my dates run from 12/17 to 12/23 ... are these really current dates?

David

(I have my update frequency set at every 2 hrs)
RE: [Declude.Virus] Force AVG update
Well, most scanners will require much more expensive licenses, e.g., a license per mailbox, etc. The Declude anti-virus license is a good deal - if they would just get the technology working right!

-----Original Message-----
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell
Sent: Saturday, December 27, 2008 2:15 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] Force AVG update

On Dec 27, 2008, at 9:59 AM, Andy Schmidt wrote:

Hi, The general experience has been (as reported by several individuals in two different lists over the past 3 months) that the Declude AVG updates are frequently 48 hours behind - which means they are only effective for old viruses. I even posted the stats for several days where it showed that every few days new viruses were being caught by my secondary scanner (McAfee), which truly does have hourly updates - and would have been passed through to my desktops if I had relied on Declude's AVG scanner.

Then I guess, is it worth it for me to renew my Declude support ... things run pretty much very smoothly now, the spam tests are all external engines, and was only keeping Declude updated to get the AVG updates ... with budget cuts, maybe I should be investing in a secondary scanner versus a Declude contract?

What can I get for the same pricing, $395 or less, since this is all we have budgeted.

David