On Monday, Mar 31, 2003, at 19:59 Europe/London, Dave Crocker wrote:
MS> Wouldn't it be more sane to ask people to check the archives for
that
MS> poster? *sigh*
I'm afraid I have no idea what you mean by this text. I do not
understand the sentence.
I've posted statistics before, hence I would hope people can find out
the extra information I had to give.
MS> the globe). So some has got through (about 92-98% accuracy is
usual).
MS> Spam is detected by a variety of means, but most spam is detected
via
as was noted, the link points to a virus monitor, not a spam monitor.
It seems people can't follow links. I realise I should have been more
specific, but if you download the monthly report it contains all the
spam details.
MS> heuristics (and no I'm not proposing this as a long term solution
to
Virus detection that permits labeling the specific virus -- as is done
in the viruseye display -- does not use heuristics. The code does
pattern matching, but not "guessing".
Our AV stuff uses signatures for mopping up the vast majority of known
viruses, which gives the names. For unknown viruses we use heuristics.
Often new viruses get called "Generic" but sometimes the heuristic will
point to it being a new variant of an old virus, so we'll have a name
already using heuristics.
But all this is irrelevant. Follow the links. I'd have posted a direct
download to the March monthly report but it wasn't available at the
time I wrote. It still doesn't seem to be available. When it is, it
will be here: http://www.messagelabs.com/data/viruseye-monthly/mar03.pdf
When heuristics DO get used, the obvious requirement is for
accompanying
statistics about rates of false positives and false negatives. That is,
confidence levels for the heuistics.
Anti-Virus error rate is 0 FN's and 1 in 1 million FPs.
Anti-Spam error rate is about 1 in 1000 FPs based on detecting about
95% of spam.
Matt.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg