OT - Multiple Virus Scanners
Peter Peters
P.G.M.Peters at utwente.nl
Tue Aug 15 08:55:33 IST 2006
John Rudd wrote on 15-8-2006 9:26:
> My opinion is: if you can run 2, do it. Always good to have an extra
> layer of defense, but don't cause more overhead than you need to.
>
> ClamAV is a _great_ choice for your first pass.

Until recently we only had F-prot. Since this month we also use ClamAV.
ClamAV gets more viruses than F-prot but they are mainly phishing
attacks. Like this:

ClamAV Module: msg-7834-833.html was infected: HTML.Phishing.Bank-626

Other viruses are detected by both but F-prot often doesn't know what
virus it is:

F-Prot: ./k7F3rsPS018425/Thomas.zip->bvpqirlyfk.exe could be a suspicious file (encrypted program in archive)

While ClamAV mentions:

ClamAV Module: msg-9011-774.html was infected: Worm.Bagle

When only F-prot finds one it is usually an unknown virus too:

F-Prot: ./k7F6ORPR032693/Ebay-Rechnung.pdf.zip->Ebay-Rechnung.pdf.exe could be infected with an unknown virus

Of the 106 viruses detected today on one of our systems 56 were detected
by both, 48 only by ClamAV and 2 only by F-prot. Of those 48 detected by
only ClamAV only 1 was not a phishing attack. That one was infected
with Worm.Lovgate.X (ClamAV name).

--
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe