OT - Multiple Virus Scanners

Jon Bates jon.bates at summitmotors.com.au
Tue Aug 15 12:31:02 IST 2006


> Until recently we only had F-prot. Since this month we also use ClamAV.
> ClamAV gets more viruses than F-prot but they are mainly phishing
> attacks. Like this:
> ClamAV Module: msg-7834-833.html was infected: HTML.Phishing.Bank-626

> Other viruses are detected by both but F-prot often doesn't know what
> virus it is:
> F-Prot: ./k7F3rsPS018425/Thomas.zip->bvpqirlyfk.exe  could be a
> suspicious file (encrypted program in archive)
> While ClamAV mentions:
> ClamAV Module: msg-9011-774.html was infected: Worm.Bagle

> When only F-prot finds one it is usually an unknown virus too:
> F-Prot: ./k7F6ORPR032693/Ebay-Rechnung.pdf.zip->Ebay-Rechnung.pdf.exe
> could be infected with an unknown virus

> Of the 106 viruses detected today on one of our systems 56 were detected
> by both, 48 only by ClamAV and 2 only by F-prot. Of those 48 detected by
> only ClamAV only 1 was not a phishing attack. That one was infected
> with Worm.Lovgate.X (ClamAV name).


Wonderful. Thanks very much for your input guys. You've put me on the right
track. 
I think I'll weigh up the cost of implementing the ones that you've
mentioned and go from there. 
I've been spoiled by ClamAV - not having to pay a cent for excellent
protection on my mail servers (although we've since made a donation as a
token of thanks for an awesome product!). Unfortunately though, there isn't
many other decent free alternatives to use as a secondary scanner. Oh well!

Thanks again.

Jon



More information about the MailScanner mailing list