Educause Security Discussion mailing list archives
Re: Exchange Server Virus Scanning
From: Graham Toal <gtoal () UTPA EDU>
Date: Fri, 17 Feb 2006 10:40:14 -0600
Mmmm, I think you may have missed the point. That being, speedy updates are not always as relevant as you might think.
Well, the same av-test.org tests show something interesting: ( http://www.pcmag.com/article2/0,1895,1850851,00.asp ) There were 6 different programs released to exploit MS05-039 some time back; McAfee only detected 2 of the 6 proactively, i.e. before signatures were updated. Given the numbers of all of these that were floating around, it only took one variant to slip past to create a damned nuisance.

The heuristic scanning is dodgy at best and a pain in the rear at worst, when it picks up false positives. I do agree that retroactively chasing specific binaries through signatures is doomed in the long term, but I don't think that anything McAfee is currently doing is a good alternative; at least not good enough to recommend them over other AV vendors with better response times.

Graham