From: Sergey Akhapkin (no email)
Date: Wed Oct 02 2002 - 10:01:58 EDT
Hello Graham,
Wednesday, October 2, 2002, 2:49:09 AM, you wrote:
GH> [This is way off topic so this is my last email about Dr. Web]
GH> I never received your e-mail so I am responding using another post.
In first time, I'd answer only in postfix-users list.
>> > Hmmm, you are wrong again. The DrWeb database contains 30k VIRUSFOUNDING
>> > RECORDS. But some of the records are able to detect a whole family of
>> > viruses (10 and more viruses). It's a common mistake that 1 record
>> > detects 1 virus. In most cases 1 record == N viruses. I think that
>> > VirusBulletin would not have awarded DrWeb 6 VB100% in the last two years
>> > if DrWeb were able to detect only 30k viruses from 75k. :)
>> > (Source: http://www.virusbtn.com/vb100/archives/products.xml?table,
>> > look at the DialogueScience entry).
GH> The Virus Bulletin tests have nothing to do with quantity of
GH> viruses in the database.
I've already explained to you (and all) that 1 record isn't equal to 1
virus. It's wrong. In most cases a record is not a single virus
signature (very very old av-technology), it's a detecting algorithm.
This way allows detecting whole families of viruses, and having a fast
engine and compact updates.
GH> They are used for only detecting the latest viruses. See the
GH> introduction. http://www.virusbtn.com/vb100/ So it is possible to
GH> build a virus scanner that just detects the "wildlist" and get a
GH> VB 100% award.
Yes, the VB100% award includes only detection on the "in-the-wild"
collection, but if you read the VB journal, you know that VB uses not only
"itw" viruses; in parallel with the main "itw" testing they do a full test
on collections of polymorphic, standard and macro viruses. Full
results are accessible only to VB subscribers.
Are you a "VirusBulletin" subscriber?
>> > I believe that no av-vendor can answer "How many viruses are
>> > known by their product".
GH> Sophos does.
Official URL, please.
GH> Symantec does.
I've found only:
http://securityresponse.symantec.com/avcenter/download.html
Intelligent Updater:
Virus Definitions created October 1
Virus Definitions released October 1
Norton AntiVirus Corp. Edition Defs Version: 41001h
Norton AntiVirus Corp. Edition Sequence Number: 19022
Total Viruses Detected: 62171
LiveUpdate:
Virus Definitions released September 30
Norton AntiVirus Corp. Edition Defs Version: 40930i
Norton AntiVirus Corp. Edition Sequence Number: 19002
Total Viruses Detected: 62168
GH> Others also...
After a short search, I could not find official info on NAI (McAfee),
CAI, TrendMicro, CentralCommand (Vexira). Maybe you know the URLs?
No av-vendor states the EXACT number of viruses that can be
detected by their product, because each vendor has
"generic" or "based" records that detect members of a virus family,
but the exact members aren't known.
Examples:
1) McAfee
http://vil.nai.com/vil/content/v_99273.htm
Exploit-MIME.gen Corporate User : Medium
[skip]
Virus Characteristics:
This generic detection covers email message files which exploit the
Microsoft Incorrect MIME Header vulnerability. This vulnerability
allows attached executable files to be run when a message is simply
viewed. Several common viruses make use of this exploit, including
W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM.
[skip]
2) Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen.html
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez.
http://securityresponse.symantec.com/avcenter/venc/data/w97m.wmvg.gen.html
W97M.WMVG.Gen is a generic detection for macro viruses that were
created using the "WalruS Macro Virus Generator (WMVG)." Norton
AntiVirus detects any macro virus created by the known version of this
kit as W97M.WMVG.Gen
And more, more, more ....
Also, most AV-products detect not only viruses, but also exploits,
hoaxes and other malware. So "number of viruses" is just a
simplification for users.
PS: I'm surprised by such a mention. You demonstrate the first
widely spread mistake: "fewer records -- fewer viruses". Look at the
situation: a customer wrote to TechSupport (for the Win version):
"Something goes wrong. After installing, your product eats less than
5Mb of my HDD, but my second AV-product eats more than 15MB and
secondly, your on-access monitor (SpIDer) doesn't eat CPU resources."
If a product is small and fast - something goes wrong?! You know to whom
we should say "Thanks" for this. I'm confused.
Best regards,
Sergey Akhapkin
Software Developer
ID Antivirus Lab <http://www.drweb32.com>