Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Time for new Virus Definitions

Status
Not open for further replies.
tgbbz

tgbbz

IS-IT--Management
Nov 24, 2003
17
DE
Hi
I´m writing a Documentation for my trainee (in german.. :) ) and need some information

in the security policies (for my project) must be defined, in what time the software-dealer publishes new virus-signatures.
Can anybody tell me the response time off symantec

the case: there´s a new virus, unknown by the antivirus
the only possibility not to get it, is to stop the mail services on the server, but how long does it take,until symantec publishes new definitions against the new virus???

has anybody experiences on that topic??

sorry for my english
german trainee
 
Sort by date Sort by votes
The same amount of time it takes a pencil to hit the floor!

Changes for every virus, based on complexity percieved risk etc.

But how you would find out about it before Norton I do not know! And you shut down your server LOL thats going to be of PERMENANTLY! [lol]

Iain

 
Upvote 0 Downvote
i think
you missunderstood or ...

when there is a security info about a new virus
but no chance for the antivirus program to kill it...
then i want to know
did anyone ever had an unknown virus and how long time had he to wait for new definitions...?

or the case : the antivirus reports a virus in the mail, but it wasn´t able to delete or repaitr or quarantine it

only chance then, is to shut down the server before infecting other users
i hope it will not come true, but if, how many time will i have to wait for new definitions (i know, virus is not virus, .. same complexity)

tx

sorry for my english
german trainee
 
Upvote 0 Downvote
You can find every day an update on the ftp server from Symantec at the address : ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/beta/
Just take the file vdXXXXX.xdb, put it on the SAV folder on your server, stop the Defwatch service and Symantec antivirus server and restart them. all the client are updated in 2 minutes
 
Upvote 0 Downvote
thanks
but that´s what i´ve known before

having actual definitions but getting a virus
what´s then?
will symantec work fast for removaltools and definitions to kill the new virus

thats what i want to know

or simply : does symantec security center do his job ??(fast)

i´ve never had that problem, but here are some more companys

sorry for my english
german trainee
 
Upvote 0 Downvote
TGBBZ-

Perhaps we fully don't understand your question. There is a Live Update that may be automated to download the definition files - everyone knows that - and if I recall correctly - that is updated weekly (Tuesdays?), in-between Live Updates, the Intelligent Update can be utilized for up to the minute definitions (but not on 64-bit) or the FTP shown above by polharris.

If you are trying to find out how long it takes for the release of definitions to repair items in quarantine, don't hold your breath. In Lab I think I have only witnessed a later update repair a file that was in quaranteen twice. Bare in mind that if items are in quarantine such as e-mail attachments, the attachment is in fact the virus / worm (or virm) and will never be 'repaired'.

In the case of virus removal tools such as FxNetski.exe I think I have seen the tool published with the discovery announcement every time.

In recent lab test we ran SAV CE Server as a fresh install without updates and a Watchguard firewall to prevent outgoing packets, there were 27 attached clients. We release a 'Virm' exploiting the outlook database and random deletion of various Microsoft Office files, and executables (there were 1.7 million files held on the server alone - to give you an idea). Approximately 10 seconds after the release we triggered Live Update. The virus did not manage to end the SAV processes and was contained to a manageable level in about 7 minutes. 3 Workstations were damaged but recovered running the virus removal tool. The server remained operational, however, required a significant restore - approx 176,000 files were deleted.

I feel that may be a WORST case scenario for the Network Administrator that left his pants down with outdated definitions and was diligent enough to be paying attention to what was happening on his network and recognize the symptoms he was seeing.

Probably more than you wanted to know without answering your question - but hey, it's a slow day here.
David
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
555
Oorde
Oorde
DrB0b
  • Locked
  • Question
DKIM for Exchange 2019
Replies
1
Views
463
DrB0b
DrB0b
andyv2011
  • Locked
  • Question
Looking at Virus Actions
Replies
0
Views
226
andyv2011
andyv2011
xit
  • Locked
  • News
New beta product from Malwarebytes 1
Replies
4
Views
409
kjv1611
kjv1611
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
385
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top