Trend Micro scanner in MS...
Hugo van der Kooij
hvdkooij at vanderkooij.org
Tue Nov 3 23:19:26 GMT 2009
On 11/02/09 22:19, Jameel Akari wrote:
> Slightly off-topic I suppose.
> Is anyone here using a current release of Trend's AV for Linux?
> I'm not directly finding anything in Trend's current products for Linux
> that provide command-line scanners which MailScanner are looking for
> (i.e. vscan).
> Instead you have "ServerProtect" which basically seems only on-access
> (with a kernel module, ugh) or "InterScan VirusWall" which seems to have
> 'isvw-scan' but needs a 4GB install of other junk I don't need in order
> to work.
> Am I missing something obvious here?
Yes. The fact that Trend Micro and other AV vendors know that there is
no way you can stop malware just by using signature detection the way
people used to think about malware scanning.
I know that Dr Web refuses to enter there product to enter any test that
is in effect just a static signature test.
ClamAV is old school in this regard as they still do signature scanning
instead of looking more into the behaviour of applications and how they
Because interaction with the OS is very important in this philosophy,
they focus on the weakest and most prolific OS at hand. And all the
serious AV vendors either work in that dirction or are moving towards
I did a test about 3 years ago and ploughed through 2 months worth of
samples and suspects and there were about 10000 new variants present.
With signature scanning you need 10000 signatues to get them. Perhaps
If you can detect behaviours and detect anomalies in them you may need
just 100 behaviour rules which all of them will break.
As far as signature scanning goes. ClamAV does an amazing job. But it
will be limited to the design of signature detection.
Signature detection in email may still work to a reasonable extend. But
it becomes highly unpractical in webbased slutions. And I think most
bots propogate themselves through websites. (Hijack a favicon, .....)
So now you know why there is now commandline scanner from Trend Micro.
It simply does not fit in their philosophy. And historically Trend Micro
is not the best in signature detection in my experience.
More information about the MailScanner