Scan engines and virus defs

[Gururajan Ramachandran]

[Please reply in newsgroup as email box is very small]

Hello,

What is the relationship between scan engines and virus def. files?

Is it possible to update virus defs. but not scan engine and be fully protected?
If not, what would the scan engine update do that virus defs. update does not
do?

Would you know a short list of the best anti-virus software for Linux email
servers?

Thank you.

Guru

 

[kurt wismer]

[Please reply in newsgroup as email box is very small]
Hello,

What is the relationship between scan engines and virus def. files?

scan engines use def files in order to know what to look for when
scanning for viruses...

Is it possible to update virus defs. but not scan engine and be fully protected?
no...

If not, what would the scan engine update do that virus defs. update does not
do?

it updates the *way* the engine looks for viruses rather than just what
the engine looks for...

 

[null]

[Please reply in newsgroup as email box is very small]

Hello,

What is the relationship between scan engines and virus def. files?

Is it possible to update virus defs. but not scan engine and be fully protected?
If not, what would the scan engine update do that virus defs. update does not
do?

That question cannot be answered without knowing specifics. Sometimes
older scan engines are ok to use for quite awhile. Sometimes older
scan engines only _seem_ ok to use, but some forms of malware are no
longer handled in spite of current defs. In general, you had best ask
your av vendor for advice and information if it isn't available at his
web site. When in doubt, use the latest scan engine version.


Art
http://www.epix.net/~artnpeg

 

[FromTheRafters]

[Please reply in newsgroup as email box is very small]

Hello,

What is the relationship between scan engines and virus def. files?

The engine uses the def files as data.

Is it possible to update virus defs. but not scan engine and be fully protected?

Possible, yes. However, there could be a need to use a newer
engine to make full use of a newer def file.

If not, what would the scan engine update do that virus defs. update does not
do?

Hypothetically, consider an engine that executes the first fifty instructions
of an encrypted virus file in an emulated environment in order to reveal
the code necessary to match against the def file's data. If a virus is written
that requires that emulated execution proceed for fifty-four instructions
before enough code is revealed, you would need a new engine to take
full advantage of the new def.

Would you know a short list of the best anti-virus software for Linux email
servers?

Many vendors are starting to make Linux versions, but I haven't
heard any feedback about any of them.

 

[Boyd Williston]

(e-mail address removed) (Gururajan Ramachandran) wrote in

[Please reply in newsgroup as email box is very small]

Hello,

What is the relationship between scan engines and virus def. files?

The scan engine compares what it finds in the virus def files and other
files. A match indicates an infection.

Is it possible to update virus defs. but not scan engine and be fully
protected? If not, what would the scan engine update do that virus
defs. update does not do?

Virus def. files are updated very often, sometimes more than once per day.
Scan engines are updated much less often, usually when some technology
requires it, such as adding the ability to scan for a new type of problem,
or to add some new feature. More than likely, if you don't keep your scan
engine updated, you will not be as fully protected as just updating the
virus def. And sometimes, a new virus def. forces you to update your scan
engine.

Would you know a short list of the best anti-virus software for Linux
email servers?

Can't help on this.

 

[Frans Meijer]

Would you know a short list of the best anti-virus software for Linux email
servers?

The best depends on your needs. F-Prot has a product for mailservers, McAfee
too I think and for more you could look on
http://www.linux.org/apps/all/System/Anti-Virus.html