OT: F-Prot

Drew Marshall drew at technologytiger.net
Mon Mar 19 13:01:25 CET 2007 

On Mon, March 19, 2007 10:10, Glenn Steen wrote:
> On 19/03/07, Drew Marshall <drew at technologytiger.net> wrote:
>> On 19 Mar 2007, at 09:09, Fabio Pedretti wrote:
>>
>> > Hi, I recently upgraded some servers from f-prot 4.5.4 (with mail
>> > server licence) to clamav 0.90.1 and I am very satisfied. I am also
>> > using additional signatures from http://www.sanesecurity.com/
>> > clamav/ for filtering also phishing and scam mails. I suggest you
>> > to try clamav before buying a licence for a commercial AV.
>>
>> I run Clam and Bit Defender already but I want to put a commercial
>> scanner into the mix too but thanks for your wise comments :-)
>>
>> Drew
>
> Wise in what way? Advocating single AV?

No, the use of ClamAV. Which is usually pretty good and being Open Source,
great value for money.

> "Don't go there, there be Dragons...":-).

Indeed!

> We had a "drive-by-download" incident rather recently where the much
> lauded ClamAV happened to be the _least_ effective of the trio
> BitDefender, McAfee(!) and ClamAV ... After less than 24 hours BDC
> caugth all viruses on the box, McAfee three (of seven), ClamAV none
> ... eigth days after the incident (despite reporting all) it still
> only caught three wile McAfee had moved up to five and BDC still got
> them all (just some by specific signatures that initially were
> "BehavesLike:" things). At the initial "outbreak" the AV on the box
> (McAfee) thought one file might be suspicious, and that (together with
> very restrictive FW rules) alerted us to the situation.
>
> It is _always_ better to have more than one engine/set of
> signatures/methods running at your perimeter...

Yes, and another breed at the desktop.

> But you knew this already, just preaching to the choir:-)

It's always worth reminding the choir. From time to time they too will
wander from the path but are usually the easiest brought back on track ;-)

Drew


-- 
In line with our policy, this message has been scanned 
for viruses and dangerous content by the Technology Tiger MailScanner.
Further information can be found at www.technologytiger.net/policy

Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ

More information about the MailScanner mailing list