Accuracy of AV scanners

Martin.Hepworth martinh at solidstatelogic.com
Mon Oct 13 09:05:16 IST 2008


Hugo

As most virus scanners are signature based, there's a time lag between the virus/malware appearing and the virus scanner on your machine finding it (which is pretty obvious, and you know that).

I leave the default checks for executable blocks etc. in place; they save me often enough to keep them, and I release valid executables when I need to.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Hugo van der Kooij
> Sent: 12 October 2008 22:45
> To: MailScanner discussion
> Subject: Accuracy of AV scanners
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> How many rely just on the AV scanner to stop malware in email?
>
> I collected some older stuff and just let it parse through
> some scanners again. These originated from the first half of
> 2007. I have run several scanners over them until September
> or October 2007 and then parked them away for later
> investigation. (And I mean I probably ran most scanners a
> dozen times or more, all of them being up-to-date up to the
> moment I ran the scanners.)
>
> Now I forgot about them until I ran into them this weekend.
> So I decided to feed them to the various AV engines again.
> And I get quite a few hits now from the AV scanners that
> seemed to miss out on them last year.
>
> If you run some RBLs on the MTA or later and use that to move
> the garbage out of the mailbin and also use some other tests
> I guess you will not see much pass your MailScanner setup.
> But AV scanners alone will surely not catch them all.
>
> I can give some more numbers once I have completed the rerun.
> But given the amount of files it might take a few more days
> before I have them.
>
> Hugo.
>
> - --
> hvdkooij at vanderkooij.org               http://hugo.vanderkooij.org/
> PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
>
> 	A: Yes.
> 	>Q: Are you sure?
> 	>>A: Because it reverses the logical flow of conversation.
> 	>>>Q: Why is top posting frowned upon?
>
> Bored? Click on http://spamornot.org/ and rate those images.
>
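As an added illustration of the rescan exercise Hugo describes (signature lag showing up as new hits a year later) and of the layered filtering Martin and Hugo rely on, the following is example code, not anything from the thread or from MailScanner; the engine verdicts, sample ids, extension list and message are constructed test data.

```python
# Added example (not from the thread or MailScanner): constructed verdicts.
SCANS = {  # date -> sample -> engine -> detected?
    "2007-09": {
        "s1": {"A": True, "B": False, "C": False},
        "s2": {"A": False, "B": False, "C": False},
        "s3": {"A": False, "B": True, "C": False},
        "s4": {"A": False, "B": False, "C": False},
    },
    "2008-10": {
        "s1": {"A": True, "B": True, "C": True},
        "s2": {"A": True, "B": False, "C": True},
        "s3": {"A": True, "B": True, "C": True},
        "s4": {"A": False, "B": False, "C": False},
    },
}

def detection_rate(scan, engine):
    """Fraction of the corpus one engine flags in a single scan run."""
    hits = sum(1 for verdicts in scan.values() if verdicts[engine])
    return hits / len(scan)

def missed_by_all(scan):
    """Samples no engine flagged: what relying on AV alone lets through."""
    return {s for s, v in scan.items() if not any(v.values())}

def newly_detected(old_scan, new_scan):
    """Samples missed by every engine earlier but caught by at least one
    on the later rescan: the signature lag visible in Hugo's numbers."""
    return missed_by_all(old_scan) - missed_by_all(new_scan)

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # hypothetical block list

def layered_verdict(msg, scan):
    """Block if any independent check fires: an AV hit, an RBL-listed
    sender, or an executable attachment (a MailScanner-style filename rule)."""
    reasons = []
    if any(scan[msg["sample"]].values()):
        reasons.append("av")
    if msg["sender_rbl_listed"]:
        reasons.append("rbl")
    if any(n.lower().endswith(EXEC_EXT) for n in msg["attachments"]):
        reasons.append("executable attachment")
    return bool(reasons), reasons

if __name__ == "__main__":
    old, new = SCANS["2007-09"], SCANS["2008-10"]
    print("missed by all engines in 2007:", sorted(missed_by_all(old)))
    print("caught only on the 2008 rescan:", sorted(newly_detected(old, new)))
    msg = {"sample": "s4", "sender_rbl_listed": False, "attachments": ["invoice.exe"]}
    print(layered_verdict(msg, old))
```

Sample s4 is never detected by any engine in either run, yet the executable-attachment rule still blocks it, which is the point of not leaning on the AV engine alone.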