Hi.

I notice several submissions for the virus signature database have been 
rejected recently because they're damaged or incomplete samples.

I can see that from a technical point of view a damaged or broken virus isn't 
going to do any harm (assuming it's sufficiently damaged / broken that it 
won't execute) and therefore it isn't entirely appropriate to identify it as 
a virus.

However, from a non-technical person's point of view, it doesn't do ClamAV's 
reputation much good if they see some other antivirus product identify a file 
as "Sobig.F.dam" and ClamAV doesn't identify it at all. Such people are not 
necessarily interested in the finer details of whether the thing is actually 
dangerous or not - they just see that ClamAV didn't catch it (whatever it 
is), whereas antivirus product X did, therefore product X must be better :)

Therefore my suggestion is that a third signature database file be created, 
in addition to viruses.db and viruses.db2, and this new file contains all the 
signatures of "damaged" viruses.

That way the technical purists can leave this database off their systems, and 
know that they will detect only genuine viruses, whilst those of us who have 
to deal with more "marketing" type people (who are happy to believe things 
like "this antivirus product detects over two hundred thousand different 
viruses") can keep the third database and know that we will be detecting all 
the damaged and broken viruses that everyone else's antivirus product picks 
up.

If the idea of having an extra database file is too much of an overhead to 
implement efficiently in ClamAV, then perhaps we could simply have an 
additional file which gets distributed, but has to be appended onto the end 
of viruses.db in order for it to become effective on a system - then there 
would be no changes to the code at all, and only those people who want to 
match broken samples will need to do an additional 'cat' at the end of their 
freshclam update.

What do people think?

Antony.

-- 

Software development can be quick, high-quality, or low-cost.

The customer gets to pick any two out of three.


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
