Educause Security Discussion mailing list archives

Re: Exchange Server Virus Scanning


From: Graham Toal <gtoal () UTPA EDU>
Date: Fri, 17 Feb 2006 10:40:14 -0600

Mmmm, I think you may have missed the point. That being,
speedy updates are not always as relevant as you might think.

Well, the same av-test.org tests show something interesting:
( http://www.pcmag.com/article2/0,1895,1850851,00.asp )

There were 6 different programs released to exploit MS05-039
some time back; McAfee only detected 2 of the 6 proactively,
i.e. before signatures were updated.  Given the numbers of
all of these that were floating around, it only took one
variant to slip past to create a damned nuisance.

The heuristic scanning is dodgy at best and a pain in the
rear at worst, when it picks up false positives.

I do agree that retroactively chasing specific binaries
through signatures is doomed in the long term, but I
don't think that anything McAfee is currently doing is
a good alternative; at least not good enough to recommend
them over other AV vendors with better response times.


Graham
