anomy-list

Re: Re: OpenAntiVirus

From: Szűcs János (60769@xyz.molar.is)
Date: Mon 28 Oct 2002 - 01:38:58 GMT


    Hi Rick,

    This is an answer to your message, but I still cannot send replies to a
    thread with my Opera; I can only post new threads. Sorry for that.

    First, I have to clear up one important thing: I am not in any way tied to
    Bjarni's Sanitizer project.
    I am only a user of his great tool, as you are. I do not use Sanitizer in
    combination with F-Prot, either. (I would if I could, but for financial
    reasons I use another antivirus program on a client machine, with which I
    eventually scan the quarantine.) You can guess now that I would be most
    glad if OpenAntivirus were a reliable solution.

    And now my answers to your questions:
    >> OpenAntivirus in its present state seems to be very-very far from being a
    >> reliable solution.
    >> What about virus definition files for it? How often are they released?
    >> What about the detection of macro viruses?

    > Are you speculating or speaking from experience or documentation?

    This thread had given me the idea to have a look at OpenAntivirus. I had
    visited the author's mailing list and I found that they were still debating
    about fundamental things:
    - what are the principles of preparing virus signatures; how to automate
    that; if they could use the virus signatures of commercial virus scanners;
    and so on.
    At present they use search strings (patterns) for detection of viruses. They
    themselves mention that this approach is not appropriate for detection of
    viruses which come in source code (like all Visual Basic, VBScript or JScript
    viruses). They cannot detect polymorphic viruses, either. Because of this,
    they estimated that OpenAntivirus can theoretically detect some 80% of the
    viruses (supposing that their virus signatures are always up-to-date).

    So my speculation is based on the above facts.
    I do not debate that OpenAntivirus can catch viruses. Actually it may catch
    80% of them, which is great. But there is the other 20%, which I deem too
    high.
    The question of virus signature updates: when a new e-mail virus begins its
    life, the reputed antivirus programs' virus definition updates are available
    in 2 or 3 days. Reading the mailing list, this question did not appear to me
    as solved in the case of OpenAntivirus. It may even take weeks until the
    virus definition file is updated in such cases. This delay is unaffordable.
    Please consider: a new virus can spread most quickly in its first days or
    weeks of life, when the antivirus programs cannot detect it, as the
    signatures are not available or careless users do not update them. So this is
    a very critical period, and it is too long in the case of OpenAntivirus.

    > I think you may have missed his point. His question was: could he use
    > OpenAntivirus with Sanitizer vs. a commercial product?

    I did not miss his point at all.
    My answer to this question was between my lines:
    No, Sanitizer with OpenAntivirus is not an alternative to commercial
    solutions, if safety is a must.
    But an adequately configured Sanitizer on the server and a good commercial
    virus scanner on the administrator's machine are a real alternative, if cost
    saving is important.



    hosted by molar.is