December 4th, 2005 08:17 AM
GMail AntiVirus = Sophos
This was tonight's project of mine:
According to various sources around the net, Google won't disclose who is providing the Antivirus technology for its web-based email service, Gmail.
Since it was just begging to be answered, I decided to find out for myself.
Using various malware picked up from “Google Hack” Honeypots, as well as various sources around the net, I cross-referenced the Gmail virus alerts with the Virustotal.com database. Using these pieces of malware, I was able to determine through process of elimination that the antivirus provider for Gmail is Sophos, an industry leader. This is my determination based on the data returned to me from Virustotal.com. More testing would verify my claim.
December 4th, 2005 10:56 PM
From scanning about 50 pieces of malware while doing this, I also got an insight into how well the AVs compete against each other.
Kaspersky seems to have some pretty thorough detection.
ClamAV didn't do as well as I figured it would... Fortinet (never heard of 'em) did pretty well too.
December 5th, 2005 07:36 PM
Unless you are working on a corporate level you most likely will have never heard of Fortinet. I use them pretty extensively here, and they are a pretty good product.
The older stuff was "supposedly" using the same AV techniques that Trend is using and there was a rather large lawsuit over it. Fortinet has since changed the way they handle scanning of viruses, and in my opinion has upped the ante a bit to their competitors.
Oh, and I'm not sure if your front page is configured the same way mine is, but at the top is a list of EITPlanet.com: Security Products and Fortinet is listed right there.
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
December 6th, 2005 04:32 AM
December 6th, 2005 05:26 AM
I thought it'd be neat to see this make Slashdot, but I doubt they'll post it unless others confirm it. Unfortunately, I think Gmail will be switching vendors to test AV. It's beta and that's the only reason I can think of for not publicizing the vendor.
December 6th, 2005 01:45 PM
If they publicize the vendor, it's that much easier to find worms which that particular database doesn't detect and use them, isn't it?