Difference in virus scanners????

Gerry Doris gdoris at ROGERS.COM
Sun Aug 22 02:24:25 IST 2004


On Sat, 21 Aug 2004, Julian Field wrote:

> At 22:44 21/08/2004, you wrote:
> >I tried manually scanning 6362 files that are in the MailScanner
> >quarantine directory using ClamAV, Trend, and F-Prot.  I got some very
> >different results.  Does anyone know why there should be such a
> >difference?
> >
> >Each of the scanners checked the same files.  However, they reported back
> >the following results:
> >
> >ClamAV - 31 infected files
> >Trend - 61 infected files (76 including compressed files)
> >F-Prot - 46 infected files + 6 suspicious files
>
> It would be interesting to see the differences between the lists of
> detected viruses.
> A possibility is that F-Prot and/or Trend are finding both infected
> archives and infected files within those archives, which ClamAV may be just
> reporting as one infection.
> --
> Julian Field

I ran the scans again and have attached the output for ClamAV and F-Prot.
The output for Trend is really verbose and was over 750k which is too much
for the list.

I'm totally confused at what I'm seeing.  It looks like some of the
scanners are counting both an I-Frame exploit and a Worm in the same
message???

--
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).



    [ Part 2, Application/OCTET-STREAM (Name: "fprot")  1.6KB. ]
    [ Unable to print this part. ]


    [ Part 3, Application/OCTET-STREAM (Name: "clam")  1.6KB. ]
    [ Unable to print this part. ]




More information about the MailScanner mailing list