Dear Valdis,
Interesting, have you compared your results with another scanner ? If
you just scan with ClamAV
you can't obviously really tell what you missed that other scanners found.
On Wed, Feb 20, 2008 at 11:59 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Wed, 20 Feb 2008 17:48:10 +0300, Eygene Ryabinkin said:
> Tue, Feb 19, 2008 at 07:46:35PM +0100, Faas M. Mathiasen wrote:
> > ClamAV ? Lowest detection rate in the industry,
>
> Possibly... Where is the statistics?
Let's inject a little bit of actual reality here, shall we?
When you look at the crap that *actually arrives*, the vast majority of it is
so old that almost *everything* should be catching it. Our main mailscanner
hub statistics for last week:
Date: Mon, 18 Feb 2008 01:12:02 -0500
Weekly Virus Summary
3581 Total Virus Detections
Breakdown by Virus Family:
692 MYDOOM (19.32%)
615 PUSHDO (17.17%)
605 NETSKY (16.89%)
302 MYTOB ( 8.43%)
286 IFRAME ( 7.99%)
149 VIRUT ( 4.16%)
143 BUGBEAR ( 3.99%)
135 ( 3.77%)
123 NYXEM ( 3.43%)
112 SALITY ( 3.13%)
97 ZAFI ( 2.71%)
77 BAGLE ( 2.15%)
65 LOVGATE ( 1.82%)
42 DLOADR ( 1.17%)
25 ENCPK ( 0.7%)
17 PUSHU ( 0.47%)
15 DUMARU ( 0.42%)
There we go. The top 17 accounted for 3,500 out of 3,581 of the detects,
or 97.7% of them. And before you ask, yes, I'm pretty sure there weren't any
floods of fail-to-detects caused by some new unknown in the last week, or it
would have been all over the various security lists. OK, so maybe 2 dozen
or so missed detects got through. However...
Once you get to 95% or 97% on the e-mail scanning, your user community is
much more in danger of getting nailed by something they got off a P2P net
or a drive-by fruiting from some website they visited.
