SOT: AntiVirus Software

[Glenn Steen]

On 26/01/07, Scott Silva <ssilva at sgvwater.com> wrote:
> Matt Kettler spake the following on 1/25/2007 3:11 PM:
> > Glenn Steen wrote:
> >> On 25/01/07, Scott Silva <ssilva at sgvwater.com> wrote:
> >>>> The free version still includes this statement in it;
> >>>>
> >>>>     Thank  you  for  choosing  to  install  the  freeware version of
> >>>>     BitDefender for Linux Console Free Edition. It can be used  free
> >>>>     of  charge.  It is fully functional and without any restrictions
> >>>>     regarding the licensed version of the product.
> >>>>
> >>>> I'm not a lawyer, but it looks like it is still free.
> >>>>
> >>> Looking at my logs, it doesn't seem to be hitting anything here lately.
> >>> Especially the new Trojan.Downloader-??? that clam has been getting
> >>> since last
> >>> weekend. Even a scan of the quarantined file shows nothing. Even
> >>> McAfee is
> >>> getting these!
> >>>
> >>> I guess it is time to hit the flusher on Bitdefender.
> >>>
> >> Still seems to be on par with mcafee here.... which isn't saying that
> >> much:-):-)
> >>
> >> Cheers
> >
> >
> > It seems in recent months both sides of the clamav and bitdefender hits have
> > diverged considerably.
> >
> > Let's look at some numbers from my system. Note I've excluded "HTML-Phishing"
> > matches by clamav from this, as that's not something BitDefender (aka bdc) looks
> > for.
> >
> >
> > Dec 1, 2006-today:
> > messages with viruses found by clam but not bdc: 142
> > messages with viruses found by bdc but clam: 148
> >
> > Looks like both bdc and clam are catching about the same number of messages that
> > the other missed..
> >
> >
> >
> > July 1, 2006 - Dec 1, 2006
> > clam not bdc: 39
> > bdc not clam: 30
> >
> > Note that in the previous 5 months, these numbers were MUCH smaller. This tells
> > me that in the past clam and bdc both matched most of the same messages.
> > However, recently, that's changed and a lot more viruses are coming out that are
> > only caught by one of the two.
> >
> > This might be due to an increase in how fast viruses mutate, I'm not sure.
> > However, clearly BitDefender is still doing a lot of good here, catching several
> > things clam is missing.
> >
>
> My volume is still low enough to leave it running. I think I am dumping most
> of the viruses with blacklists, as my hit rate is very low. And MailScanner is
> catching them by filetype rules even when the virus scanners miss.
>
Yeah, that mirrors my situation. Just judging from the very few facts
I can glean from all the crap that never reaches MailScanner, I'd say
your hypothesis could well be right Scott.

Thanks for the stats Matt!
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se