Round 2 of the anti-virus face-off didn't go as expected. I found the issue with emails where the emails weren't kept on the server for all the computers to retrieve. Completely my fault. I have multiple email accounts and one of those accounts would clear the server. All is not lost, though. The challenge continues.
For this round I retrieved all the emails using the computer with CA installed. For the emails containing malware that CA did not detect, I forwarded them on to all the other computers. In addition, instead of listing every malware-infected email, I've decided to list only the unique emails.
The following are the emails received:
Subject/Attachment
Jessica would like to be your friend on hi5! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
Stolen document / your_document_audictionary.zip
Shipping update for your Amazon.com order 254-78546325-658742 / Shipping documents.zip
Re: Re: website / website.zip
Canada immigration / winmail.dat>Documents and Settings\MyDocuments\Readme.doc .exe
Error / msg_audictionary.zip
Results
Total unique malware 7
CA missed 3
Invitation Card.zip
Postcard.zip
Shipping documents.zip
Because the emails were collected it is not possible to see if the other combatants would have missed malware CA detected. All we can now do is check to see if the three malware missed by CA were handled by the others.
AVG missed 3
Invitation Card.zip
Postcard.zip
Shipping documents.zip
Avast missed 3
Invitation Card.zip
Postcard.zip
Shipping documents.zip
MSE missed 0
OzEfilter. Would have deleted the emails at the mail server.
Outcome for round 2.
1. MSE
2. AVG, Avast, CA
What is interesting is AVG, Avast and CA all missed detecting the same files that were missed from yesterday's round. It will be interesting to watch the time it takes before these products correctly handle the three malware.
MSE already handled them so the real challenge for MSE is to see what happens when it receives malware it doesn't already know about. Time will tell how it performs.
- Kelvin