Incidents
Interesting, have you compared your results with another scanner? If
you just scan with ClamAV, you obviously can't really tell what you
missed that other scanners found.
On Wed, Feb 20, 2008 at 11:59 PM, <Valdis.Kletnieks (at) vt (dot) edu> wrote:
> On Wed, 20 Feb 2008 17:48:10 +0300, Eygene Ryabinkin said:
> > Tue, Feb 19, 2008 at 07:46:35PM +0100, Faas M. Mathiasen wrote:
> > > ClamAV ? Lowest detection rate in the industry,
> >
> > Possibly... Where are the statistics?
>
> Let's inject a little bit of actual reality here, shall we?
>
> When you look at the crap that *actually arrives*, the vast majority of it is
> so old that almost *everything* should be catching it. Our main mailscanner
> hub statistics for last week:
>
> Date: Mon, 18 Feb 2008 01:12:02 -0500
>
> Weekly Virus Summary
>
> 3581 Total Virus Detections
>
> Breakdown by Virus Family:
> 692 MYDOOM (19.32%)
> 615 PUSHDO (17.17%)
> 605 NETSKY (16.89%)
> 302 MYTOB ( 8.43%)
> 286 IFRAME ( 7.99%)
> 149 VIRUT ( 4.16%)
> 143 BUGBEAR ( 3.99%)
> 135 ( 3.77%)
> 123 NYXEM ( 3.43%)
> 112 SALITY ( 3.13%)
> 97 ZAFI ( 2.71%)
> 77 BAGLE ( 2.15%)
> 65 LOVGATE ( 1.82%)
> 42 DLOADR ( 1.17%)
> 25 ENCPK ( 0.7%)
> 17 PUSHU ( 0.47%)
> 15 DUMARU ( 0.42%)
>
> There we go. The top 17 accounted for 3,500 out of 3,581 of the detects,
> or 97.7% of them. And before you ask, yes, I'm pretty sure there weren't any
> floods of fail-to-detects caused by some new unknown in the last week, or it
> would have been all over the various security lists. OK, so maybe 2 dozen
> or so missed detects got through. However...
>
> Once you get to 95% or 97% on the e-mail scanning, your user community is
> much more in danger of getting nailed by something they got off a P2P net
> or a drive-by fruiting from some website they visited.
>
>