On Fri, October 20, 2006 4:50 pm, Noel Jones wrote:
> At 05:50 PM 10/20/2006, Dennis Peterson wrote:
>> It is a morphing problem so the question is, is ClamAV
>> moving with it? I don't know and thought it worth asking. I still
>> don't know.
>
> Most likely no one had submitted a sample of that virus
> previously. Since the author tested it on VirusTotal, it would have
> been auto submitted to the clamav signature team and likely detected
> within hours of his initial test. Since we don't have the exact file
> in question, we can't confirm just when it was submitted or added.
>
> Yes, clamav-devel-20060429 is a little old, although that
> probably isn't a factor in this case (but we'll never know). The
> signature file was apparently current at the time of the test.
>
> Words of wisdom:
> Clamav has an impressive track record of quickly detecting
> current malware circulating via email. It is frequently (but certainly
> not always) among the first scanners with signature updates for new
> viruses. This is one such case where other products detected a virus
> that clamav missed. It would have been interesting if the author had
> tried rescanning the file at some regular interval to see when other
> products did start to recognize it. Clamav depends on community
> support for submitting undetected viruses.

Now that would be a virus scanner review worth reading:
- how many viruses were found upon initial install?
- how many of the undetected ones were found after updating the
  definition files?
- how many of the still undetected ones were found after 1 day? one
  week? two weeks? a month?
- how long until all viruses were detected?

Would require a good sampling of viruses, a bunch of machines, and a lot
of time to do correctly, though.

----
Freddie Cash, LPIC-2 CCNT CCLP
Helpdesk / Network Support Tech.
School District 73
(250) 377-HELP [377-4357]
[EMAIL PROTECTED]
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
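
The rescan-at-intervals measurement discussed in the message above, as an added example that is not part of the original post: it tallies when each sample in a fixed corpus is first flagged, reading clamscan's "file: Signature FOUND" / "file: OK" output lines. The checkpoint names, file names, signature name and scan results are constructed for illustration.

```python
# Constructed data: clamscan-style output from rescanning one fixed corpus
# at each checkpoint. File and signature names are hypothetical.
CHECKPOINTS = ["install", "updated", "1 day", "1 week", "2 weeks", "1 month"]
SAMPLES = ["s1.exe", "s2.exe", "s3.exe", "s4.exe"]
FOUND_AT = {  # which samples each constructed scan flagged
    "install": ["s2.exe"],
    "updated": ["s2.exe", "s3.exe"],
    "1 day": ["s2.exe", "s3.exe"],
    "1 week": ["s1.exe", "s2.exe", "s3.exe"],
    "2 weeks": ["s1.exe", "s2.exe", "s3.exe"],
    "1 month": ["s1.exe", "s2.exe", "s3.exe"],
}
SCANS = {
    cp: "\n".join(
        f"{s}: Example.Sig-1 FOUND" if s in hits else f"{s}: OK" for s in SAMPLES
    )
    for cp, hits in FOUND_AT.items()
}

def detected(output):
    """Return the file names reported as FOUND in clamscan-style output."""
    hits = set()
    for line in output.splitlines():
        name, sep, verdict = line.rpartition(": ")
        if sep and verdict.endswith(" FOUND"):
            hits.add(name)
    return hits

def first_detection(scans, checkpoints, samples):
    """Map each sample to the first checkpoint that flagged it (None if never)."""
    first = {s: None for s in samples}
    for cp in checkpoints:
        for name in detected(scans.get(cp, "")):
            if name in first and first[name] is None:
                first[name] = cp
    return first

def summarize(scans, checkpoints, samples):
    """Return (first, cumulative counts, never-detected samples, full-detection checkpoint)."""
    first = first_detection(scans, checkpoints, samples)
    cumulative, seen = [], 0
    for cp in checkpoints:
        seen += sum(1 for v in first.values() if v == cp)
        cumulative.append((cp, seen))
    missed = sorted(s for s, v in first.items() if v is None)
    # Full detection is only defined when no sample was missed at every checkpoint.
    all_by = None if missed else next(cp for cp, n in cumulative if n == len(samples))
    return first, cumulative, missed, all_by
```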
