Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1801 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Kaspersky Engine is Better !

Alvin
Some Virus Infected e-mails is caught by ClamAV and not the main Authentium Engine.

Submitted to VirusTotal and confirmed Authentium is not catching it now but Kaspersky could !

Really hope Astaro would go back to Kaspersky for it's fast detection.

Complete scanning result of "Update-KB2251-x86.zip", received in VirusTotal at 10.23.2006, 21:26:18 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.32 10.23.2006 HEUR/Crypted
Authentium 4.93.8 10.23.2006 no virus found
Avast 4.7.892.0 10.23.2006 Win32:Warezov-ME
AVG 386 10.23.2006 I-Worm/Stration
BitDefender 7.2 10.23.2006 Win32.Warezov.DN@mm
CAT-QuickHeal 8.00 10.23.2006 no virus found
ClamAV devel-20060426 10.23.2006 Worm.Stration.KO
DrWeb 4.33 10.23.2006 Win32.HLLM.Limar.based
eTrust-InoculateIT 23.73.33 10.23.2006 Win32/Stration!ZIP!Worm
eTrust-Vet 30.3.3152 10.23.2006 Win32/Stration!ZIP!generic
Ewido 4.0 10.23.2006 no virus found
Fortinet 2.82.0.0 10.23.2006 W32/Stration.DS@mm
F-Prot 3.16f 10.23.2006 W32/Warezov.gen3!W32DL
F-Prot4 4.2.1.29 10.23.2006 W32/Warezov.gen3!W32DL
Ikarus 0.2.65.0 10.23.2006 Email-Worm.Win32.Warezov.gen
Kaspersky 4.0.2.24 10.23.2006 Email-Worm.Win32.Warezov.dn
McAfee 4879 10.23.2006 W32/Stration.dldr
Microsoft 1.1603  10.23.2006 Win32/Stration.gen!dl
NOD32v2 1.1826 10.23.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 10.23.2006 no virus found
Panda 9.0.0.4 10.23.2006 no virus found
Sophos 4.10.0 10.23.2006 W32/Stratio-AY
TheHacker 6.0.1.103 10.23.2006 no virus found
UNA 1.83 10.23.2006 no virus found
VBA32 3.11.1 10.23.2006 suspected of Worm.Warezov.1 (paranoid heuristics)
VirusBuster 4.3.7:9 10.23.2006 Trojan.Opnis.Gen.8


This thread was automatically locked due to age.
Parents
  • 0
    Another one.
    Hope by submitting to VirusTotal, Authentium would add it fast.

    Complete scanning result of "Update-KB5937-x86.exe", received in VirusTotal at 10.23.2006, 21:33:30 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.32 10.23.2006 HEUR/Crypted
    Authentium 4.93.8 10.23.2006 no virus found
    Avast 4.7.892.0 10.23.2006 Win32:Warezov-ME
    AVG 386 10.23.2006 I-Worm/Stration
    BitDefender 7.2 10.23.2006 Win32.Warezov.DN@mm
    CAT-QuickHeal 8.00 10.23.2006 no virus found
    ClamAV devel-20060426 10.23.2006 Worm.Stration.KB
    DrWeb 4.33 10.23.2006 Win32.HLLM.Limar
    eTrust-InoculateIT 23.73.33 10.23.2006 no virus found
    eTrust-Vet 30.3.3152 10.23.2006 Win32/Stration!generic
    Ewido 4.0 10.23.2006 Worm.Warezov.dn
    Fortinet 2.82.0.0 10.23.2006 W32/Stration.DS@mm
    F-Prot 3.16f 10.23.2006 W32/Warezov.DU
    F-Prot4 4.2.1.29 10.23.2006 W32/Warezov.DU
    Ikarus 0.2.65.0 10.23.2006 Email-Worm.Win32.Warezov.gen
    Kaspersky 4.0.2.24 10.23.2006 Email-Worm.Win32.Warezov.dn
    McAfee 4879 10.23.2006 W32/Stration.dr
    Microsoft 1.1603  10.23.2006 Win32/Stration.gen!dl
    NOD32v2 1.1826 10.23.2006 Win32/Stration.KG
    Norman 5.80.02 10.23.2006 W32/Stration.ABR
    Panda 9.0.0.4 10.23.2006 Trj/SpamtaLoad.M
    Sophos 4.10.0 10.23.2006 W32/Stratio-AY
    TheHacker 6.0.1.103 10.23.2006 no virus found
    UNA 1.83 10.23.2006 no virus found
    VBA32 3.11.1 10.23.2006 Email-Worm.Win32.Warezov.dn
    VirusBuster 4.3.7:9 10.23.2006 Trojan.Opnis.Gen.8
  • 0 in reply to Alvin
    I fully agree with Alvin. Authentium does a very bad job of keeping their virus database up to date. And detection rates are definitely below standards. I have found that I have to enable Clamav just so I am sure the viruses are caught. I would like to just enable one of the AV Scanners to save on resources, but not at the expense of leaving my network open to attack. Kaspersky on Astaro use to up date once every hour or so. I hardly see Authentium being updated. Maybe once a day....if that. Looks like we have to use the second engine just to backup the first which Astaro stated wasn't their intention here (UTMPlanet):

    "Appears we created some controversy by adding a second virus scanner in 6.100. A nice enough customer evaluating our product forwarded me an email in which a competitor positions his product against Astaro Security Gateway. One thing I found rather interesting was his comment about the quality of our Virus Scanning. According to him it must be so bad that we had to add a second engine. Well, it's needless to say that wasn't exactly our motivation" 

    The engine may be faster, but not as thorough as Kaspersky. Please Astaro bring back Kaspersky!
  • 0 in reply to dayne
    ClamAV saved the day again, Not Authentium.

    Somehow it shows Authentium is capable of catching but from the Firewall, it is ClamAV that stopped it.

    Please have Kaspersky back !



    Complete scanning result of "Update-KB6125-x86.zip", received in VirusTotal at 10.27.2006, 18:44:36 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.34 10.27.2006 TR/Dldr.Stration.D
    Authentium 4.93.8 10.27.2006 W32/Warezov.gen3!W32DL
    Avast 4.7.892.0 10.27.2006 Win32:Warezov-NT
    AVG 386 10.27.2006 I-Worm/Stration
    BitDefender 7.2 10.27.2006 Win32.Warezov.DO@mm
    CAT-QuickHeal 8.00 10.27.2006 no virus found
    ClamAV devel-20060426 10.27.2006 Worm.Stration.KR
    DrWeb 4.33 10.27.2006 Win32.HLLM.Limar.based
    eTrust-InoculateIT 23.73.38 10.27.2006 Win32/Stration!ZIP!Worm
    eTrust-Vet 30.3.3162 10.27.2006 Win32/Stration!ZIP!generic
    Ewido 4.0 10.27.2006 Worm.Warezov.eu
    Fortinet 2.82.0.0 10.27.2006 W32/Stration.DT@mm
    F-Prot 3.16f 10.27.2006 W32/Warezov.gen3!W32DL
    F-Prot4 4.2.1.29 10.27.2006 W32/Warezov.gen3!W32DL
    Ikarus 0.2.65.0 10.27.2006 Email-Worm.Win32.Warezov.gen7
    Kaspersky 4.0.2.24 10.27.2006 Email-Worm.Win32.Warezov.ev
    McAfee 4882 10.26.2006 W32/Stration.dldr
    Microsoft 1.1609  10.26.2006 Win32/Stration.gen!dl
    NOD32v2 1.1841 10.27.2006 a variant of Win32/Stration
    Norman 5.80.02 10.27.2006 Stration.gen@mm
    Panda 9.0.0.4 10.27.2006 no virus found
    Sophos 4.10.0 10.26.2006 W32/Stratio-Zip
    TheHacker 6.0.1.106 10.26.2006 W32/Stration@MM
    UNA 1.83 10.27.2006 no virus found
    VBA32 3.11.1 10.27.2006 Email-Worm.Win32.Warezov.eu
    VirusBuster 4.3.15:9 10.27.2006 Trojan.Opnis.Gen!Pac11

    Aditional Information
    File size: 7465 bytes
    MD5: 0e618065d26ac8bf4a99115bf2a2791e
    SHA1: f5ea3a3a8cd2d2048f7eba60833b2db2a69ebb82
  • 0 in reply to Alvin
    If you have both Authentium and ClamAV enabled, ClamAV always scans first.  However, I do agree that I've had a few instances where Authentium could not detect viruses that Clam (a "free" product) does.  Authentium's scanning speed is better, but they don't seem to be able to update their definitions as often as other vendors.. I hope that Astaro gives them a nudge to improve their update frequency!

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Thanks for explaining that ClamAV is the first scanner.

    It seem correct to have a under development product as the First Scanner and then a Main Product ( Astaro Engine / Authentium ) as the secondary layer to Ensure.

    Looking at the VirusTotal results, I don't trust Authentium More than ClamAV.
    Looking at the number of updates, ClamAV is Significantly more than Authentium.

    It seems that Authentium = F-Prot.
    The Sign, Sign2 and Macro files are the same names as F-Prot.

    Looking at the VirusTotal Results, they are the same name too.

    But then again, it also shows some F-Prot results can detect, Authentium cannot?

    Maybe the Time from F-prot pass the signatures to -> Authentium -> Then release under their name is the reason why some results show F-prot can detect but not Authentium.

    Complex Relationship.

    Keep to Kaspersky.

    Also Kaspersky is certified in Check-Mark Antivirus Level 1, Antivirus Level 2, Trojans and Spyware.
Reply
  • 0 in reply to BrucekConvergent
    Thanks for explaining that ClamAV is the first scanner.

    It seem correct to have a under development product as the First Scanner and then a Main Product ( Astaro Engine / Authentium ) as the secondary layer to Ensure.

    Looking at the VirusTotal results, I don't trust Authentium More than ClamAV.
    Looking at the number of updates, ClamAV is Significantly more than Authentium.

    It seems that Authentium = F-Prot.
    The Sign, Sign2 and Macro files are the same names as F-Prot.

    Looking at the VirusTotal Results, they are the same name too.

    But then again, it also shows some F-Prot results can detect, Authentium cannot?

    Maybe the Time from F-prot pass the signatures to -> Authentium -> Then release under their name is the reason why some results show F-prot can detect but not Authentium.

    Complex Relationship.

    Keep to Kaspersky.

    Also Kaspersky is certified in Check-Mark Antivirus Level 1, Antivirus Level 2, Trojans and Spyware.
Children
No Data
Cookie Information Banner