OT: F-Prot

Glenn Steen glenn.steen at gmail.com
Mon Mar 19 11:10:11 CET 2007


On 19/03/07, Drew Marshall <drew at technologytiger.net> wrote:
> On 19 Mar 2007, at 09:09, Fabio Pedretti wrote:
>
> > Hi, I recently upgraded some servers from f-prot 4.5.4 (with mail
> > server licence) to clamav 0.90.1 and I am very satisfied. I am also
> > using additional signatures from http://www.sanesecurity.com/
> > clamav/ for filtering also phishing and scam mails. I suggest you
> > to try clamav before buying a licence for a commercial AV.
>
> I run Clam and Bit Defender already but I want to put a commercial
> scanner into the mix too but thanks for your wise comments :-)
>
> Drew

Wise in what way? Advocating single AV? "Don't go there, there be
Dragons...":-).
We had a "drive-by-download" incident rather recently where the much
lauded ClamAV happened to be the _least_ effective of the trio
BitDefender, McAfee(!) and ClamAV ... After less than 24 hours BDC
caught all viruses on the box, McAfee three (of seven), ClamAV none
... eight days after the incident (despite reporting all) it still
only caught three while McAfee had moved up to five and BDC still got
them all (just some by specific signatures that initially were
"BehavesLike:" things). At the initial "outbreak" the AV on the box
(McAfee) thought one file might be suspicious, and that (together with
very restrictive FW rules) alerted us to the situation.

It is _always_ better to have more than one engine/set of
signatures/methods running at your perimeter... But you knew this
already, just preaching to the choir:-)

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

