[unisog] Request Opinions on Anti-Virus Software

Chris Green cmgreen at uab.edu
Mon Jun 6 13:58:46 GMT 2005


On 6/3/05 4:16 PM, "Andy Johnston" <andy at umbc.edu> wrote:
> 
> UMBC has a site license McAfee Anti-Virus software and a server on our
> network that mirrors DAT updates.  We've noticed that we are frequently
> seeing malware infecting campus systems well before (sometimes several
> days) the DAT update that handles the problem appears.
>

We've had issues with that as well.  They are also detected as "Malware.H"
with no analysis of what it does since it's a generic signature.  I'm
starting to think that there are so many ways to create malware these days
that if it doesn't make network news, there's not going to be a lot of
analysis of it.

Another problem that we've had recently are machines that pound on McAfee's
download servers 300-400 times/hour trying to update.   We think this is due
to buggy software and it has appeared on machines that are both individually
managed and ones that are managed by ePO.  It's not a warm fuzzy feeling
though.  I've had to write up a script to check for flows to
download.nai.com's.



More information about the unisog mailing list