Accuracy of AV scanners

Hugo van der Kooij hvdkooij at vanderkooij.org
Sun Oct 12 22:45:21 IST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

How many rely just on the AV scanner to stop malware in email?

I collected some older stuff and just let it parse through some scanners
again. These originated from the first half of 2007. I have run several
scanners over them until September or October 2007 and then parked them
away for later investigation. (And I mean I probably ran most scanners a
dozen times or more and all of them being up-to-date up to the moment I
ran the scanners.)

Now I forgot about them until I ran into them this weekend. So I
decided to feed them to the various AV engines again. And I get quite a
few hits now from the AV scanners that seemed to miss out on them last year.

If you run some RBLs on the MTA or later and use that to move the
garbage out of the mailbin and also use some other tests I guess you
will not see much pass your MailScanner setup. But AV scanners alone will
surely not catch them all.

I can give some more numbers once I have completed the rerun. But given
the amount of files it might take a few more days before I have them.

Hugo.

- --
hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFI8m/vBvzDRVjxmYERAnj0AJ4yPweDv8dXw6JOvWNLPDPTjgFNjgCePd3e
CaV/RoGIzjES57Q9aNEnvo4=
=eCrs
-----END PGP SIGNATURE-----

