[AVU]

  • Thread starter: Mikey
Mikey said:
48.6KBs, a wee one this am.
v.6.0.542
db 336

Detects I-worm/Mimail.J

The AVG server is a bit slow to respond today; it took several attempts to download OK.

I was sent a batch of at least 17 of these last night - another Swen perhaps?
(there might have been more but my spamgourmet account hit its limit)


AVG didn't detect anything; the free eTrust promo, which I haven't updated recently,
reported it as a Mimail variant.
 
Detects I-worm/Mimail.J

The AVG server is a bit slow to respond today; it took several attempts to download OK.

I was sent a batch of at least 17 of these last night - another Swen perhaps?
(there might have been more but my spamgourmet account hit its limit)


AVG didn't detect anything; the free eTrust promo, which I haven't updated recently,
reported it as a Mimail variant.

Some idiot in alt.antivirus was complaining that AVG was "worthless"
because it didn't detect a new variant but still certified his
infected email as clean. Obviously if it doesn't have the signature
it will not detect it, and therefore the email certification is
perfectly valid - even if wrong. Well, now it does detect it. Maybe
some AV engines can detect new variants and some can't. For freeware,
as long as AVG keeps updating I'll continue to use it (while exploring
alternatives in case they stop the freeware version, as has been
rumored.)
 
Some idiot in alt.antivirus was complaining that AVG was
"worthless" because it didn't detect a new variant but still
certified his infected email as clean. Obviously if it doesn't
have the signature it will not detect it,

AVG has no heuristic scanning at all?
and therefore the email certification is perfectly valid - even if
wrong.

One more reason people should ignore the useless certifications.
Better yet, AVG users should uncheck the box for them.
 
AVG has no heuristic scanning at all?

Yes, it does. I use it and I don't recall ever having a false positive
from it either. I'm pretty impressed with this as a freeware scanner.
I haven't tried others really, F-PROT way back when maybe.
One more reason people should ignore the useless certifications.
Better yet, AVG users should uncheck the box for them.

The certificate means only that the attachment passed the scanner in
question at a particular previous point in time.

Back when a 486dx33 was serious hardware I got a pretty bad bug. I
used McAfee at the time and I'm pretty sure they were the most active
in staying current with new bugs. I showed clean with it and F-PROT. I
knew something was strange. I had lots of hardware anomalies.
Sometimes A: worked perfectly, sometimes it corrupted data, and
sometimes it wasn't there at all. I thought I had hardware problems as
the system crawled. It was over one year before I finally got a McAfee
update that identified the bug. It was a VICE variant. F-PROT took
another 6 months or so to add VICE into its detections list.

Looking back, I could have helped the situation by sending files in
for analysis. As time passed and I still scanned clean I really
thought I had a bad motherboard though. The bug ran my BBS fine. It
provided a minimal working machine otherwise... just enough that I
didn't do anything drastic.

I guess that file did not proliferate quickly, or else there were a
bunch of people in the same boat I was in. I checked each file I had
for download and got them from usenet via uudecode. The file was a
video display similar to a fractal. Luckily no one downloaded the
thing the entire year I had it up. Unluckily, I had no idea where I
had gotten the file from and could not relay the info. Each file on
the BBS was scanned every time I got an update and I added a file into
the zip that said the file passed Mc v. whatever at this date and from
the BBS name. At least people could see where the file came from and
the scanner and version that passed it, even if it later showed as
dirty.
 
The certificate means only that the attachment passed the scanner in
question at a particular previous point in time.

To the recipient, it should not mean even that. It's only a bit of
text added to the article, easily faked by a malicious user or by
malware trying to spread itself.
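The point above, that a "certified virus free" trailer is nothing but body text, is illustrated by the following added example. It is not code from any poster in this thread nor from AVG: a small filter that a mail client or gateway could apply so the trailer is removed from what the user sees and reported separately as an unauthenticated claim, never as a scan result. The sample message is constructed; its footer is modelled on the wording AVG appended at the time, using the engine version and database number from Mikey's post, while the addresses and the release date are made up for the example.

```python
"""Strip unverifiable "scanned clean" trailers from an e-mail body.

Added example, not code from the thread or from AVG. A scanner footer is
plain text appended by whoever (or whatever) sent the mail, so the only
safe handling is to take it out of the displayed body and surface it as a
claim the recipient cannot verify.
"""
import re
from email import message_from_string
from typing import List, Tuple

# Phrases that mark a scanner-appended certification. Assumed wordings,
# based on the footer AVG 6 added; other products differ.
CLAIM_RE = re.compile(
    r"(?i)(certified virus free|checked by .* anti-?virus|virus database)"
)

# Constructed sample message. Version/database numbers come from the
# thread; addresses and the release date are invented for this example.
SAMPLE_MAIL = """\
From: sender@example.invalid
To: recipient@example.invalid
Subject: re: update
Content-Type: text/plain; charset=us-ascii

Here is the file you asked for.

Cheers

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.542 / Virus Database: 336 - Release Date: 01/01/2003
"""


def split_trailer(body: str) -> Tuple[str, List[str]]:
    """Return (body without trailer, trailer claim lines).

    Only the final run of non-blank lines is examined, so a certification
    line quoted inside the message text (as in this very thread) is left
    for the reader. The '---' separator directly above the trailer is
    removed together with it.
    """
    lines = body.rstrip("\n").split("\n")
    start = len(lines)
    while start > 0 and lines[start - 1].strip() != "":
        start -= 1
    block = lines[start:]
    if not any(CLAIM_RE.search(line) for line in block):
        return body, []
    kept = lines[:start]
    while kept and kept[-1].strip() == "":
        kept.pop()
    if kept and kept[-1].strip() == "---":
        kept.pop()
        while kept and kept[-1].strip() == "":
            kept.pop()
    cleaned = "\n".join(kept) + ("\n" if kept else "")
    claims = [line for line in block if line.strip() and line.strip() != "---"]
    return cleaned, claims


def strip_scanner_trailer(raw_mail: str) -> Tuple[str, List[str]]:
    """Parse a raw RFC 822 message and filter its first text/plain part.

    The returned claims are informational only: nothing here, and nothing
    in the message, proves that any scanner ever looked at the content.
    """
    msg = message_from_string(raw_mail)
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "us-ascii", "replace")
        return split_trailer(text)
    return "", []


if __name__ == "__main__":
    body, claims = strip_scanner_trailer(SAMPLE_MAIL)
    print(body)
    for claim in claims:
        print("unverified claim:", claim)
```

Run stand-alone, it prints the body without the footer and lists the three footer lines as unverified claims. Any attachment handling should then depend on a scan performed by the recipient's own software, not on the presence or absence of these lines.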
 
»Q« said:
To the recipient, it should not mean even that. It's only a bit of
text added to the article, easily faked by a malicious user or by
malware trying to spread itself.

Quite agree about the certification. The only point is to advertise AVG.
And it's irritating...

AVG does have heuristic scanning and I had it enabled,
however it doesn't seem to be that effective...
Or perhaps they've erred on the safe side to reduce false
detections.

I have seen the odd report of AVG producing a false positive - eg

AVG has improved greatly this year - they've fixed the AVG shell extension
which previously failed to detect viruses in various file types, and significantly
increased the update frequency. If it's still available for free when eTrust
expires I'd use it again.
 
AVG has no heuristic scanning at all?

How hard can it be to beat AV heuristic scanning? You make your
virus, you test it against the AV programs until they DON'T detect it,
then you send it out. If I was a virus writer, that's what I'd do.

"Heuristics" means just that - they are no guarantee of detection.
 
Thanks to the others who have pointed out that AVG can indeed detect
viruses for which it does not yet have signatures.
How hard can it be to beat AV heuristic scanning?

I imagine it can be pretty difficult, depending on how many and which
of the AV apps you wish to defeat.
You make your virus, you test it against the AV programs until
they DON'T detect it, then you send it out. If I was a virus
writer, that's what I'd do.

Heuristics scan machine code. How would you know what part(s) of
your source code needed modification, and what modifications they
needed? Your guessing game could take a very long time, perhaps
forever.
"Heuristics" means just that - they are no guarantee of detection.

No one except AVG implied that there were any guarantees. The
'certification' it attaches to e-mails claims that the mail is virus
free, which no AV app can be sure of. Most other AV apps signal 'no
infection found,' much more honest.

This discussion belongs in one of the AV groups, and in fact takes
place there relatively frequently, so I'll let it go now.

--
»Q« It's is not, it isn't ain't, and it's it's, not its, if you
mean it is. If you don't, it's its. Then too, it's hers.
It isn't her's. It isn't our's either. It's ours, and
likewise yours and theirs.
-- Oxford University Press, Edpress News
 
Heuristics scan machine code. How would you know what part(s) of
your source code needed modification, and what modifications they
needed? Your guessing game could take a very long time, perhaps
forever.

It's not a guessing game. You have the AV products right there on
your test machine. You modify code until it doesn't detect it. My
guess would be it would take a virus writer a very short time to
converge on a virus that would be completely undetectable to either
signature or heuristics (until it gets out in the wild and someone
uses the same techniques to derive the signature). If the writer is
good enough, he can decompile enough of the AVs to see how their
heuristics work. There's probably some info available on the Net as
to how it's done as well, although I assume most of the approaches are
proprietary.
No one except AVG implied that there were any guarantees. The
'certification' it attaches to e-mails claims that the mail is virus
free, which no AV app can be sure of. Most other AV apps signal 'no
infection found,' much more honest.

Your point about the wording may be correct. "Certified virus free"
may indeed be too strong a statement in the technical sense.
 