How many antivirus are recommended?

[Marc Stürmer]

Zitat von Alex <mysqlstudent at gmail.com>:

> We all have clamav+sanesecurity, but what others are people using?
> Sophos is horrible. Hardly worth it. It doesn't scan for nearly any of
> the popular vectors now.

The truth is that all virus scanners do suck equally at preventing the  
spread of new viruses at all. Because when a new wave hits the fan,  
the antivirus companies first need to update their signature databases  
and then you still need to download the update, which gives the bad  
guys plenty of time to spread their unholy stuff like wild fire.

So having an antivirus scanner just gives some kind of protetection  
against already known virus, nothing less, nothing more. It should be  
always combined with rules concerning file extension filtering.

Some years ago a guy from a German University at the mail server  
conference from Heinlein Academy showed some interesting diagrams on  
exactly that kind of matter, he used two virus scanners on the same  
system.

The setup was that the second virus scanner only fires up if the first  
one doesn't have anything to complain about.

First he had Sophos as first virus scanner with Clamavd as second;  
after checking his stats however he found out that Clamavd was the  
superior scanner, caching more stuff and reversed his scanning cascade  
order.

So taking this into account, such an email scanner even might give the  
users a false sense of security cushion which in reality is not there.  
The best thing still to do is to teach them on which attachments to  
open and which not on their system.