Let's talk about the AV product called X. X is installed at
2000 companies on 2,000,000 mailboxes. I mean all the mailboxes
are protected. Then every time an email comes in it is analysed
and a hash is generated then compared against a distributed
database (as you wrote). I guess it works this way.
Digitally yours,
Janos SUTO
On Tue, 22 Nov 2005, Cami wrote:
[EMAIL PROTECTED] wrote:
I attended a conference where I heard about the Zero-Hour protection
by Commtouch and a Hungarian AV-vendor has licenced their solution.
Basically Commtouch has many sensors (probably email addresses) in the
Internet. If the sensors are picking up a lot of similar emails it is
obvious that they are virus/worm/spam/... This technique does not need
any signature since it counts the similar messages so it can give you
protection before any signature could be made.
This is unlikely. Viruses tend to spread to mail addresses
stored inside peoples address books and not to honeypot
mail addresses.
Cami
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
