Re: [Clamav-users] clamav vs norton
Sean Pinegar wrote: I trusted clamav for a long time but ran across an interesting problem today. I received an e-mail from a friend that included a powerpoint. I opened the powerpoint in linux and wine flagged it as a virus (not sure how wine knew there was a virus...can anyone enlighten me on that?). I scanned it with clamav and it said the file was ok. I scanned it with norton and it came up as being infected. I updated clamAV and tried again, same results..the file was ok. I was just curious if anyone else has ran into this type of problem? I dont want to ditch clamAV but i have to do whats best for the business. -Sean- Things like this occur frequently, and not just with clamav. If you have a file that is not detected, you should submit it so that a signature can be included in future updates. Also, whats best for the business is to run multiple virus scanners and not rely on a single one. -Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
On Fri, March 2, 2007 11:25 am, Sean Pinegar said: > > I trusted clamav for a long time but ran across an interesting problem > today. I received an e-mail from a friend that included a powerpoint. I > opened the powerpoint in linux and wine flagged it as a virus (not sure > how wine knew there was a virus...can anyone enlighten me on that?). I > scanned it with clamav and it said the file was ok. I scanned it with > norton and it came up as being infected. I updated clamAV and tried > again, same results..the file was ok. I was just curious if anyone else > has ran into this type of problem? I dont want to ditch clamAV but i have > to do whats best for the business. No virus checker can find all viruses, all the time, and any may have false positives from time to time. If you believe there really is a virus in that file, I would suggest you submit it to the ClamAV team so they can add it to their database. There will be times ClamAV finds a virus Norton cannot, and vice-versa. On the average, ClamAV seems to be the finder more often than not. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamav vs norton
thanks for the replies. I know that sometimes one scanner will find a file that the other wont i was just curious if clamAV tends to not find viruses that norton finds. Thanks again for your reply Daniel...a couple other people tried to make me sound like i had no clue how a virus scanner worked. > Date: Fri, 2 Mar 2007 11:43:03 -0500 > Subject: Re: [Clamav-users] clamav vs norton > From: [EMAIL PROTECTED] > To: clamav-users@lists.clamav.net > > > On Fri, March 2, 2007 11:25 am, Sean Pinegar said: > > > > I trusted clamav for a long time but ran across an interesting problem > > today. I received an e-mail from a friend that included a powerpoint. I > > opened the powerpoint in linux and wine flagged it as a virus (not sure > > how wine knew there was a virus...can anyone enlighten me on that?). I > > scanned it with clamav and it said the file was ok. I scanned it with > > norton and it came up as being infected. I updated clamAV and tried > > again, same results..the file was ok. I was just curious if anyone else > > has ran into this type of problem? I dont want to ditch clamAV but i have > > to do whats best for the business. > > No virus checker can find all viruses, all the time, and any may have > false positives from time to time. > > If you believe there really is a virus in that file, I would suggest you > submit it to the ClamAV team so they can add it to their database. > > There will be times ClamAV finds a virus Norton cannot, and vice-versa. > On the average, ClamAV seems to be the finder more often than not. > > Daniel T. Staal > > --- > This email copyright the author. Unless otherwise noted, you > are expressly allowed to retransmit, quote, or otherwise use > the contents for non-commercial purposes. This copyright will > expire 5 years after the author's death, or in 30 years, > whichever is longer, unless such a period is in excess of > local copyright law. > --- > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Sean Pinegar wrote: thanks for the replies. I know that sometimes one scanner will find a file that the other wont i was just curious if clamAV tends to not find viruses that norton finds. Thanks again for your reply Daniel...a couple other people tried to make me sound like i had no clue how a virus scanner worked. I think you just sounded like you were prepared to make draconian decisions based on a sample of one. All the advice given is valid regardless of the AV vendor. You don't yet know if you have a false positive with Norton or a missed virus with ClamAV, so you really have no basis to make any decision. I'd suggest submitting your file to several AV vendors and see what happens. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamav vs norton
The file has been submitted. Thank you. > Date: Fri, 2 Mar 2007 08:55:35 -0800 > From: [EMAIL PROTECTED] > To: clamav-users@lists.clamav.net > Subject: Re: [Clamav-users] clamav vs norton > > Sean Pinegar wrote: > > thanks for the replies. I know that sometimes one scanner will find a > > file that the other wont i was just curious if clamAV tends to not > > find viruses that norton finds. Thanks again for your reply > > Daniel...a couple other people tried to make me sound like i had no > > clue how a virus scanner worked. > > I think you just sounded like you were prepared to make draconian > decisions based on a sample of one. All the advice given is valid > regardless of the AV vendor. You don't yet know if you have a false > positive with Norton or a missed virus with ClamAV, so you really have > no basis to make any decision. I'd suggest submitting your file to > several AV vendors and see what happens. > > dp > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
In this case, was the file really infected or did Norton throw a false positive? At this point, we really don't know which product is producing an error. How about downloading AVG and scanning this file again?( they have free and trial versions) Lyle Jim Maul wrote: Sean Pinegar wrote: I trusted clamav for a long time but ran across an interesting problem today. I received an e-mail from a friend that included a powerpoint. I opened the powerpoint in linux and wine flagged it as a virus (not sure how wine knew there was a virus...can anyone enlighten me on that?). I scanned it with clamav and it said the file was ok. I scanned it with norton and it came up as being infected. I updated clamAV and tried again, same results..the file was ok. I was just curious if anyone else has ran into this type of problem? I dont want to ditch clamAV but i have to do whats best for the business. -Sean- Things like this occur frequently, and not just with clamav. If you have a file that is not detected, you should submit it so that a signature can be included in future updates. Also, whats best for the business is to run multiple virus scanners and not rely on a single one. -Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Lyle Giese wrote: In this case, was the file really infected or did Norton throw a false positive? At this point, we really don't know which product is producing an error. How about downloading AVG and scanning this file again?( they have free and trial versions) Lyle There are also vendor services that will test a file in real time via a web page. It produces quicker results and doesn't clutter your hard drive with demo products. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Scan the file online with virusscan.jotti.org or www.virustotal.com At 10:45 AM 3/2/2007, Lyle Giese wrote: In this case, was the file really infected or did Norton throw a false positive? At this point, we really don't know which product is producing an error. How about downloading AVG and scanning this file again?( they have free and trial versions) Lyle Jim Maul wrote: Sean Pinegar wrote: I trusted clamav for a long time but ran across an interesting problem today. I received an e-mail from a friend that included a powerpoint. I opened the powerpoint in linux and wine flagged it as a virus (not sure how wine knew there was a virus...can anyone enlighten me on that?). I scanned it with clamav and it said the file was ok. I scanned it with norton and it came up as being infected. I updated clamAV and tried again, same results..the file was ok. I was just curious if anyone else has ran into this type of problem? I dont want to ditch clamAV but i have to do whats best for the business. -Sean- Things like this occur frequently, and not just with clamav. If you have a file that is not detected, you should submit it so that a signature can be included in future updates. Also, whats best for the business is to run multiple virus scanners and not rely on a single one. -Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Sean Pinegar wrote: The file has been submitted. Thank you. Something else to consider is that your mail system has a max size for files it will submit for scanning, and that this file was larger than that max size. Just something to look for in trying to debug the failure. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Sean Pinegar wrote: > I trusted clamav for a long time but ran across an interesting problem today. > I received an e-mail from a friend that included a powerpoint. I opened the > powerpoint in linux and wine flagged it as a virus (not sure how wine knew > there was a virus...can anyone enlighten me on that?). I scanned it with > clamav and it said the file was ok. I scanned it with norton and it came up > as being infected. Bit late joining this... but submit the file to one of these sites... and you'll hopefully get a clearer picture... maybe ;) http://www.virustotal.com/ http://virusscan.jotti.org/ http://scanner.virus.org/ They scan a single file with various anti-virus software and give you a result. As no single virus scanner gives you 100% protection on every malware type, right from 0 hour... the above services can be useful. Cheers, Steve ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamav vs norton
Im confused by this e-mail. Can you explain further? > Date: Fri, 2 Mar 2007 09:08:19 -0800 > From: [EMAIL PROTECTED] > To: clamav-users@lists.clamav.net > Subject: Re: [Clamav-users] clamav vs norton > > Sean Pinegar wrote: > > The file has been submitted. Thank you. > > > > Something else to consider is that your mail system has a max size for > files it will submit for scanning, and that this file was larger than > that max size. Just something to look for in trying to debug the failure. > > dp > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html _ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamav vs norton
Thank you, i will bookmark these now. The virus did turn up on 2 different virus scanners so i submitted it to ClamAV. > Date: Fri, 2 Mar 2007 17:28:30 + > From: [EMAIL PROTECTED] > To: clamav-users@lists.clamav.net > Subject: Re: [Clamav-users] clamav vs norton > > > > Sean Pinegar wrote: > > I trusted clamav for a long time but ran across an interesting problem > > today. I received an e-mail from a friend that included a powerpoint. I > > opened the powerpoint in linux and wine flagged it as a virus (not sure how > > wine knew there was a virus...can anyone enlighten me on that?). I scanned > > it with clamav and it said the file was ok. I scanned it with norton and it > > came up as being infected. > Bit late joining this... but submit the file to one of these sites... > and you'll hopefully get a clearer picture... maybe ;) > > http://www.virustotal.com/ > http://virusscan.jotti.org/ > http://scanner.virus.org/ > > They scan a single file with various anti-virus software and give you a > result. As no single virus scanner gives you 100% protection on every > malware type, right from 0 hour... the above services can be useful. > > Cheers, > > Steve > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
On 3/2/07 8:25 AM, "Sean Pinegar" <[EMAIL PROTECTED]> wrote: > I trusted clamav for a long time but ran across an interesting problem today. > I received an e-mail from a friend that included a powerpoint. I opened the > powerpoint in linux and wine flagged it as a virus (not sure how wine knew > there was a virus...can anyone enlighten me on that?). I scanned it with > clamav and it said the file was ok. I scanned it with norton and it came up as > being infected. I updated clamAV and tried again, same results..the file was > ok. I was just curious if anyone else has ran into this type of problem? I > dont want to ditch clamAV but i have to do whats best for the business. Depending on what your user population is, it is quite possible that a large fraction of them run Norton on their machines. So their overall protection is better if you *don't* run Norton, but something else. (Adjust for what your user population actually does.) --John ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Sean Pinegar wrote: Im confused by this e-mail. Can you explain further? When email arrives on your system a process accepts it from the mail server and submits it to clamav for scanning. Those interfaces are configurable, and one of the options is to not scan files that exceed a certain length. The reason for doing so is to prevent your AV scanner from being bogged down by huge files along with the fact that most viruses are rather small. It is not without risk, but many sites are not prepared to scan thousands of 20 mb files all day long. If your system has such a configuration and it is set too low then ClamAV will not have scanned your file at all. It is all supposition that would require validation of your configuration, of course, but is something to consider. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav vs norton
Sean wrote I trusted clamav for a long time but ran across an interesting problem today. You aren't looking at the other side of that coin. You can bet (I see it rather frequently) that there are times that clamav catches a virus that norton does not! Don't throw the baby out with the bathwater It is for this very reason that inbound mail in setups that I design passes through two different AV packages. I used to think this was rather silly, until a situation arose where I had to have inbound mail go through two different AV packages (my proposed front-end and the customers existing backend). After watching the logs on both packages, I noticed that it was actually pretty frequent/routine that clamav would catch something the other package didn't AND VICE-VERSA. Now I always design in two AV packages - I have learned it is not silly at all. Jay West ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
