Virus detection

I am evaluating a few different AV packages with a view to moving away from Symantec Endpoint Protection which I am unhappy with. As part of my evaluation of each package I have downloaded a collection of viruses from virussig.com and scanned them to see how many are identified.

With Sophos, if I create a new scan and include just the folder containing the viruses (sub-folders are automatically selected) it doesn't find a single virus. However, if I right-click on the folder and select Scan with Sophos Anti Virus, it detects 579 viruses (incidentally Kaspersky found 2600 in the same folder but that's a different matter). Can anyone explain why the normal scan doesn't find these viruses but the right-click does?

Thanks


This thread was automatically locked due to age.
  • Thanks for the explanation

    You're welcome.

    it does seem a very strange default scan option

    It might seem like peculiarities but different vendors have different approaches - and it often can't be decided which is better (although this being a Sophos forum you probably know the "right" answer :smileywink:). I can only speak for the Sophos setup.

    • On-access should scan all "executables" (including also for example PDF, .INI and so on) and "potential executables" (as some browsers download/cache files without an extension, these too are scanned).
    • A "normal" (scheduled) scan scans "executables" only as it is unlikely that cached items are "re-used" outside a browser
    • A right-click scan is for paranoid mode :smileywink:

    I'd like to mention two more facts which are often questioned:

    1. Archives are not scanned by default: in order to run, a malicious item has to be unpacked and then opened - at this point it is scanned by the on-access scanner and that's sufficient
    2. For the same reason mail is not scanned (neither in transit nor when you view the body only) - but an attachment is when it is opened

    Christian
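
Added example (not part of the original thread, and not Sophos code): a small audit that counts how many files in a test folder fall inside an extension-filtered "executables only" scan versus an all-files scan, which is the difference the reply describes between the scheduled scan and the right-click scan. The extension list, the magic-byte table and the sample file names are assumptions made for illustration, as is the idea that the filter works on file extensions.

```python
import os
import tempfile
from collections import Counter

# Hypothetical extension list; the product's real list is not given in the thread.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".vbs", ".pdf", ".ini"}
# Leading bytes of a few executable or active-content formats.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"%PDF": "pdf"}

def sniff(path):
    """Return a format name if the file's leading bytes match a known magic value."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def scan_scope(root, exts=EXECUTABLE_EXTS):
    """Count files covered by an extension-filtered scan versus an all-files scan."""
    counts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            counts["all_files_scan"] += 1
            if os.path.splitext(name)[1].lower() in exts:
                counts["extension_filtered_scan"] += 1
            elif sniff(os.path.join(dirpath, name)):
                # Executable by content, but invisible to the extension filter.
                counts["executable_content_outside_filter"] += 1
            else:
                counts["other_outside_filter"] += 1
    return counts

def demo():
    """Build a constructed, harmless sample folder and report its scan scope."""
    samples = {  # constructed placeholder contents, not real samples
        "setup.exe": b"MZ\x90\x00",
        "a1b2c3d4": b"MZ\x90\x00",  # extensionless, named like a hash
        os.path.join("sub", "report.dat"): b"%PDF-1.4",
        "notes.txt": b"hello",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return dict(scan_scope(root))
```

Pointing scan_scope() at a real test folder shows how much of it an extension-filtered scan would never open, before comparing detection counts between products.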
