Re: virus?

---

• From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
• Date: Wed, 25 May 2005 16:56:40 -0400

---

From: "Crouchie1998" <crouchie1998@xxxxxxxxxxx>

| LOL
|
| 96.37% of all stats are made up, but this one especially
|
| Some of those virus programs are out-of-date because it mentions Symantec
| Antivirus 8 Corporate Edition & I am using version 9.0.0.1400, which is the
| very latest version.
|
| Crouchie1998
| BA (HONS) MCP MCSE
|

Well there are three parts to every AV application; Kernel, Engine an Signatures.

- The version of the software is the Kernel.
- The Engine applies the algorithms for find infectors
- The signatures are the fingerprints of the infector.

The two most important parts are the Engine and Signature files.

The Kernel is application and OS related and is insignificant for the purpose of Virus
Total's tests 0or sample analysis.

For example if you used the McAfee Command Line Scanner, it stands alone and independent of
whether it is Enterprise VirusScan v7.x, Enterprise VirusScan v8.0i or Retail VirusScan 8
or Retail VirusScan 9. Only the Engine and Signature files are used.

I can assure you that Virus Total does not have 18 AV applications installed and running on
a server. Rather they are applying the sample to the various command line scanners. So the
fact that it is Symantec v8 or Symantec v9 is insignificant. It is more important to know
the version of the signature files that were used. Why that is not displayed I don't know.
For McAfee is shows DAT v4479 but it does not show the Engine version which should be v4400.

In summation, the latest version of software is needed on a desktop for a given OS, it is
not needed for vendor scanner infector analysis.

If you question the analysis using Symantec v8 vs. Symantec v9 I suggest email --
info@xxxxxxxxxxxxxx

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

---

• Follow-Ups:
  • Re: virus?
    • From: Crouchie1998

• References:
  • virus?
    • From: sthompson
  • Re: virus?
    • From: Rob
  • Re: virus?
    • From: Kevin D . Quitt
  • Re: virus?
    • From: Crouchie1998

• Prev by Date: Re: services.exe terminated unexpectedly with error code 128
• Next by Date: Logon Banner
• Previous by thread: Re: virus?
• Next by thread: Re: virus?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [Full-Disclosure] f-prot not catching mimail ? (now fixed) ... This is now fixed with an updated engine. ... F-PROT ANTIVIRUS ... VIRUS SIGNATURE FILES ... >> Currently the scanner does not support that type of encoding. ... (Full-Disclosure) Re: Virus affecting search engines ... link to a major search engine. ... into the issue we have found that one of our server I.P. ... This virus was made ... >> but if I try a search, an IE error page loads. ... (microsoft.public.scripting.virus.discussion) RE: [Full-Disclosure] rpc worm ... I am running NAV Corporate Edition 8.00.9374 with Scan Engine 4.1.0.15, ... Event: Virus Found! ... (Full-Disclosure) Re: Rogue Diallers ... I run Spybot and Virus Check regularly ... > its a one-off virus checker that uses their latest signature files as ... Then move on to Spybot S&D, ... (uk.legal) RE: Intellifind bug in IE? ... it's the worst form of a virus ... ... try spybot safer-networking.org ... update first before scanning and remove the scum from your ... engine called Intellifind. ... (microsoft.public.windows.inetexplorer.ie6.browser)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.general  > 2005-05