Difference in virus scanners????

Gerry Doris gdoris at ROGERS.COM
Sat Aug 21 22:44:08 IST 2004 

I tried manually scanning 6362 files that are in the MailScanner
quarantine directory using ClamAV, Trend, and F-Prot.  I got some very
different results.  Does anyone know why there should be such a
difference?

Each of the scanners checked the same files.  However, they reported back
the following results:

ClamAV - 31 infected files
Trend - 61 infected files (76 including compressed files)
F-Prot - 46 infected files + 6 suspicious files


Details follow....

ClamAV Results
--------------------------------------
Scan started: Sat Aug 21 17:19:19 2004

-- summary --
Known viruses: 23583
Scanned directories: 45
Scanned files: 6362
Infected files: 31
Data scanned: 23.57 MB
I/O buffer size: 131072 bytes
Time: 33.975 sec (0 m 33 s)

************************************************************

Virus Scanner v3.1, VSAPI v7.000-1011
Trend Micro Inc. 1996,1997
        Pattern version 160
        Pattern number 70212
Directory:
        Searched : 45
File:
        Searched : 6362
            Scan : 6361
        Infected : 61
        Infected : 76(Include files been compressed)
Time:
        Start : 8/21/04 17:16:18
         Stop : 8/21/04 17:17:51
         Used : 01:33

************************************************************

Virus scanning report  -  21 August 2004 @ 17:15

F-PROT ANTIVIRUS
Program version: 4.4.2
Engine version: 3.14.11

VIRUS SIGNATURE FILES
SIGN.DEF created 18 August 2004
SIGN2.DEF created 18 August 2004
MACRO.DEF created 16 August 2004

Search: quarantine
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER
Results of virus scanning:

Files: 6362
MBRs: 0
Boot sectors: 0
Objects scanned: 6522
Infected: 46
Suspicious: 6
Disinfected: 0
Deleted: 0
Renamed: 0

Time: 1:03


--
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list