Accuracy of AV scanners
ssilva at sgvwater.com
Tue Oct 14 22:57:50 IST 2008
on 10-12-2008 2:45 PM Hugo van der Kooij spake the following:
> How many rely just on the AV scanner to stop malware in email?
>
> I collected some older stuff and just let it parse through some scanners
> again. These originated from the first half of 2007. I have run several
> scanners over them until September or October 2007 and then parked them
> away for later investigation. (And I mean I probably ran most scanners a
> dozen times or more and all of them being up-to-date up to the moment I
> ran the scanners.)
>
> Now I forgot about them until I ran into them this weekend. So I
> decided to feed them to the various AV engines again. And I get quite a
> few hits now from the AV scanners that seemed to miss out on them last year.
>
> If you run some RBL's on the MTA or later and use that to move the
> garbage out of the mailbin and also use some other tests I guess you
> will not see much pass your MailScanner setup. But AV scanners alone will
> surely not catch them all.
>
> I can give some more numbers once I have completed the rerun. But given
> the amount of files it might take a few more days before I have them.
I also block and quarantine by content. I can't begin to count the times that
something was caught by content type and by the time I can check the
quarantine, the signatures have caught up.
I block executables, encrypted archives, movie files, dangerous files like
emf's and eps.
All can be released by me to intended recip. if they contact me and in the
case of movie files, can prove that they are work related. All other crap can
be sent to personal mail accounts and checked from home.
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
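The content-based quarantine described in the reply above, sketched as an added example (not code from the post and not MailScanner's own rule files). The extension and magic-byte tables, the function names and the sample message are assumptions constructed for illustration.

```python
import io, zipfile
from email.message import EmailMessage

# Assumed policy, modelled on the categories named in the post.
BLOCKED_EXT = {".exe": "executable", ".scr": "executable", ".emf": "dangerous file type",
               ".eps": "dangerous file type", ".avi": "movie", ".mpg": "movie"}
BLOCKED_MAGIC = {b"MZ": "executable", b"%!PS": "dangerous file type"}

def zip_is_encrypted(data):
    """True when any archive member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(m.flag_bits & 0x1 for m in zf.infolist())
    except zipfile.BadZipFile:
        return False

def classify(filename, data):
    """Return a quarantine reason, or None to deliver. Content is checked before the name."""
    for magic, reason in BLOCKED_MAGIC.items():
        if data.startswith(magic):
            return reason
    if zip_is_encrypted(data):
        return "encrypted archive"
    dot = filename.rfind(".")
    return BLOCKED_EXT.get(filename[dot:].lower()) if dot != -1 else None

def scan(msg):
    """Map each attachment filename to its quarantine reason (None = deliver)."""
    return {p.get_filename(): classify(p.get_filename() or "", p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def constructed_message():
    """Constructed sample: a renamed PE stub, an encrypted-flagged ZIP, text, a movie name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "hello")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x1  # set the encryption bit in the central directory
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in (("invoice.pdf", b"MZ\x90\x00stub"), ("docs.zip", bytes(z)),
                       ("notes.txt", b"plain text"), ("clip.AVI", b"RIFF....AVI ")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, reason in scan(constructed_message()).items():
        print(f"{name}: {'QUARANTINE (' + reason + ')' if reason else 'deliver'}")
```

None of these checks depends on a signature database, so the renamed executable and the encrypted archive are held on the day they arrive.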