On Thu, Apr 14, 2005 at 08:29:44AM -0400, Samuel Benzaquen wrote:
> > > I have been running clamav for quite some time now. For most of that
> > > time I was receiving between 1500 and 2000 viruses per day. However,
> > > lately the number is down to about 200 per day. I don't have any users
>
> We've also seen it on our annual graph. I would post the link, but our
> graphs require authentication... =(
> Viral traffic on our network is now half of what it used to be on Nov 2004.
I hate to be pessimistic, but I believe is the absense of a large amount
of virus traffic is because the virus authors currently don't want a large
amount of traffic.
Yes, better filtering by ISPs will help somewhat, but I believe any virus
outbreaks are still caused by the large group of click-on-everything lusers
behind ISPs who don't care about abuse issues.
The biggest virus outbreaks that I witnessed in the past few months
were for Sober-I starting november 19th, and ending januari 5th. During
this outbreak, virus volumes were upto 15 times the usual rate, at the
beginning we even saw rates of upto 30 viruses per second (currently, it's
down to a managable 0.5 to 1 virus per second).
If you look up the virus description, Sober-I was scheduled to stop
replicating at januari 5th.
The next big outbreak was for Sober-K, and I couldn't offhand find a
cutoff date for it, but it seemed to have tapered off the beginning
of March.
So, while there might be a slow decrease in the "background virus
noise" due to more awareness/better filtering, the peaks are primarily
controlled by the virus authors. And that's a scary thought...
--
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig; # Jan-Pieter Cornet
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
