Comments on: AV stats http://mcwresearch.com/archives/605 Things I think I've thought about Thu, 20 Nov 2008 11:51:04 +0000 http://wordpress.org/?v=2.5.1 By: kurt wismer http://mcwresearch.com/archives/605#comment-4928 kurt wismer Tue, 19 Feb 2008 19:38:58 +0000 http://mcwresearch.com/archives/605#comment-4928 i think i have a handle on the decomposer engine issue now... it has to do with compressed files - password protection (scanners can't guess passwords) and recursively compressed archives that go past the threshold depth that the scanner is willing to go (don't want to get bogged down by a zip bomb)... both of these things will cause the scanner to stop trying and log the event... it's my understanding, though, that you can configure things to quarantine what can't be scanned and since you only have av on the mail gateways it stands to reason that if you do have things configured that way those 1253 decomposer engine failures shouldn't represent potential threats that have slipped through your defenses... i think i have a handle on the decomposer engine issue now…

it has to do with compressed files - password protection (scanners can’t guess passwords) and recursively compressed archives that go past the threshold depth that the scanner is willing to go (don’t want to get bogged down by a zip bomb)… both of these things will cause the scanner to stop trying and log the event…

it’s my understanding, though, that you can configure things to quarantine what can’t be scanned and since you only have av on the mail gateways it stands to reason that if you do have things configured that way those 1253 decomposer engine failures shouldn’t represent potential threats that have slipped through your defenses…

]]>