On Tue, 28 Nov 2006, Dennis Peterson wrote:
Per Jessen wrote:
This is not really complaint, perhaps just an observation.
On 25/11 around 1000CET I submitted a sample and again on 26/11 also
around 1000 I submitted a second sample - both phishing.
I've only just today around 1800CET received confirmation for both. This
is respectively about 56 and 32 hours later. I understand it was on a
weekend etc., but for ClamAVs phishing detection/protection to have any
meaning/reason at all, the time from submit to publish needs to be a
LOT shorter.
I'm not aware of any systems that have been disabled or rendered useless be
even the most aggressive phishing scheme.
Maybe not, but the response time for samples seems pretty low for
trojans, too - Our desktop scanner, Mcafee, caught a new IRC trojan in
our systems on November 1st. ClamAV didn't detect it, so I submitted a
sample, both direct and via TotalVirus. The sample still wasn't detected
by ClamAV a week after reporting (although it was added fairly quickly
after that)
I appreciate that people do this for free, and I don't know if that's a
typical response time - but it's worrying enough that we're looking at
running a commercial scanner in parallel to clamAV.
Funnily enough, the main reason we want to keep ClamAV is the
SaneSecurity phishing signatures - they're excellent.
Adam.
--------------------------------
Adam Stephens
Network Specialist - Email & DNS
[EMAIL PROTECTED]
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
