Is KAV worth it?

warhed · 08-05-2010, 10:58 PM

I've read a few threads here and have to agree that CLAM seems to do a good enough job to not bother with KAV and rather put KAV on the desktops themselves.

Today one of my clients who uses UT with KAV and CLAM received that god damn MF Rogue Antivir popup virus. The user was smart enough to shut down immediately, but it still got on his system. A quick scan with Malwarebytes snuffed the Rogue Antivir and got rid of it.

I put KAV trial on this persons system even though they were using Eset NOD32 Business paid edition (which we are removing promptly for KAV 2010/11).

So KAV didn't stop this virus at all, and frankly not many AV's can but some Malware programs can just fine (Such as the aforementioned Malwarebytes).

So no sail on the KAV module, I had high hopes but it really doesn't seem to stop much. Our Trend Scanmail stops whatever Clam misses and that isn't too much. We seem to be fine email wise.

Any thoughts on other people's experiences would be welcomed.

Solignis · 08-05-2010, 11:19 PM

IMO yes KAV is worth every penny!

Though KAV will not be able to stop EVERYTHING, it does a bang up job for us. More of the work we get out of it comes from it filtering email bound for our Exchange server.

warhed · 08-05-2010, 11:25 PM

I agree about the email blocking, it does a stellar job at that no doubt and I am a huge fan of the big K (Use it on my desktop here and have for 6 years).

Since we already have an AV for Exchange it won't really help us, but if you didn't I would say it is worth it, just don't expect it to do much else other than email blocking.

f1assistance · 08-06-2010, 04:15 AM

It's obvious no AV is 100% effective (Blacklisting clearly doesn’t work), that said, we know layers are a next best solution and running several different AV’s is safer but still not 100% as is Whitelisting. I have CLAMAV, KAV running at the perimeter (UT) and either MSE or NOD32 (could be any other AV) on the desktop, and I’m still subject to the weakest link (the USER)…Remember, social engineering works every time it’s tried and time is not on our side!

Big D · 08-06-2010, 09:54 AM

Heres a screenshot from one of our hardest hit sites with 49 days up

Most is from email with tarpitting enabled (thank god they finally bought commtouch). Goverment folks like porn and viagra apparently. Its crazy they usually have about 3 hour window to look at spam logs before having to go to the SSH logs and during a high activity spam attack they may have 20 minutes worth of logs.

warhed · 08-06-2010, 10:03 AM

^ Good god! Wow that is bad (or good depending on your view eh?).

What about Commtouch, doesn't that also stop viruses due to the origin/nature/RBL of the emails? Apparently not after your screen shot, but just curious. So far my clients have been very happy about almost zero spam but we are using the default, and excellent, OS version. We also have some of the Exchange 2003 antispam options on (IMF affects Untangle so that is off). So far so good, oh and we are set to VERY HIGH with zero false positives!

I understand this is a multipronged defense but I am not much of a sales guy, more tech side, but rather than duck away from my lack of sales skills I would rather get more knowledgeable of the product to help sell it if I can. Being able to sell at least the KAV and Commtouch is my goal at the moment as those are the main items people want and will see the results from.

I guess I should just enable the free trials on Commtouch too!

dmorris · 08-06-2010, 10:07 AM

Quote:

Originally Posted by Big D

Heres a screenshot from one of our hardest hit sites with 49 days up

Most is from email with tarpitting enabled (thank god they finally bought commtouch). Goverment folks like porn and viagra apparently. Its crazy they usually have about 3 hour window to look at spam logs before having to go to the SSH logs and during a high activity spam attack they may have 20 minutes worth of logs.

nice screenshot!

PCS · 08-06-2010, 10:12 AM

Nice! That screenshot is a great example that using both antivirus engines is quite beneficial.

Big D · 08-06-2010, 10:27 AM

Thats about 100 users at some airport.

warhed · 08-06-2010, 10:29 AM

I was thinking it would be more users to cause that much AV traffic! Is this network open to the public (Hotspot etc) or is this the actual network for the internal employees at the airport?

I noticed that once one of my clients received an Exchange crushing AV that got us blacklisted for a couple days, our AV "attacks" or presence has become 10 fold or more! Once a target, always a target I guess.

08-05-2010, 10:58 PM	#1 (permalink)
warhed Master Untangler Join Date: Jul 2008 Posts: 103	Is KAV worth it? I've read a few threads here and have to agree that CLAM seems to do a good enough job to not bother with KAV and rather put KAV on the desktops themselves. Today one of my clients who uses UT with KAV and CLAM received that god damn MF Rogue Antivir popup virus. The user was smart enough to shut down immediately, but it still got on his system. A quick scan with Malwarebytes snuffed the Rogue Antivir and got rid of it. I put KAV trial on this persons system even though they were using Eset NOD32 Business paid edition (which we are removing promptly for KAV 2010/11). So KAV didn't stop this virus at all, and frankly not many AV's can but some Malware programs can just fine (Such as the aforementioned Malwarebytes). So no sail on the KAV module, I had high hopes but it really doesn't seem to stop much. Our Trend Scanmail stops whatever Clam misses and that isn't too much. We seem to be fine email wise. Any thoughts on other people's experiences would be welcomed.

08-05-2010, 11:19 PM	#2 (permalink)
Solignis Join Date: Jul 2008 Location: Hudson, Ohio, USA Posts: 1,670	IMO yes KAV is worth every penny! Though KAV will not be able to stop EVERYTHING, it does a bang up job for us. More of the work we get out of it comes from it filtering email bound for our Exchange server. __________________ Easy things should be easy, and hard things should be possible. -- Larry Wall, Creator of perl

08-06-2010, 10:27 AM	#9 (permalink)
Big D Master Untangler Join Date: Nov 2008 Posts: 691	Thats about 100 users at some airport. __________________ The beatings shall continue until morale improves!

Protect

Filter

Perform

Connect

Manage

Add-Ons

08-05-2010, 11:25 PM	#3 (permalink)
warhed Master Untangler Join Date: Jul 2008 Posts: 103	I agree about the email blocking, it does a stellar job at that no doubt and I am a huge fan of the big K (Use it on my desktop here and have for 6 years). Since we already have an AV for Exchange it won't really help us, but if you didn't I would say it is worth it, just don't expect it to do much else other than email blocking.

08-06-2010, 04:15 AM	#4 (permalink)
f1assistance Master Untangler Join Date: Apr 2009 Location: Holly Springs, NC URLs submitted: 154 Posts: 218	It's obvious no AV is 100% effective (Blacklisting clearly doesn’t work), that said, we know layers are a next best solution and running several different AV’s is safer but still not 100% as is Whitelisting. I have CLAMAV, KAV running at the perimeter (UT) and either MSE or NOD32 (could be any other AV) on the desktop, and I’m still subject to the weakest link (the USER)…Remember, social engineering works every time it’s tried and time is not on our side!

08-06-2010, 10:03 AM	#6 (permalink)
warhed Master Untangler Join Date: Jul 2008 Posts: 103	^ Good god! Wow that is bad (or good depending on your view eh?). What about Commtouch, doesn't that also stop viruses due to the origin/nature/RBL of the emails? Apparently not after your screen shot, but just curious. So far my clients have been very happy about almost zero spam but we are using the default, and excellent, OS version. We also have some of the Exchange 2003 antispam options on (IMF affects Untangle so that is off). So far so good, oh and we are set to VERY HIGH with zero false positives! I understand this is a multipronged defense but I am not much of a sales guy, more tech side, but rather than duck away from my lack of sales skills I would rather get more knowledgeable of the product to help sell it if I can. Being able to sell at least the KAV and Commtouch is my goal at the moment as those are the main items people want and will see the results from. I guess I should just enable the free trials on Commtouch too!

08-06-2010, 10:12 AM	#8 (permalink)
PCS Master Untangler Join Date: Mar 2008 Posts: 154	Nice! That screenshot is a great example that using both antivirus engines is quite beneficial.

08-06-2010, 10:29 AM	#10 (permalink)
warhed Master Untangler Join Date: Jul 2008 Posts: 103	I was thinking it would be more users to cause that much AV traffic! Is this network open to the public (Hotspot etc) or is this the actual network for the internal employees at the airport? I noticed that once one of my clients received an Exchange crushing AV that got us blacklisted for a couple days, our AV "attacks" or presence has become 10 fold or more! Once a target, always a target I guess.