> -----Original Message----- > From: Antony Stone [mailto:[EMAIL PROTECTED] > Sent: 20. september 2003 21:31 > To: [EMAIL PROTECTED] > Subject: Re: [Clamav-users] RE: UPDATE81.exe getting thru > > On Saturday 20 September 2003 6:39 pm, Daniel J McDonald wrote: > > > I would prefer that clamav be able to determine if it appears to > > be a virus, even one damaged to the point of non-existance. > > Detecting something which doesn't exist sounds tricky to me. > > Antony. > > -- > > I vote "no" to this proposal to form a committee to investigate whether we > should or should not hold a ballot on whether to vote yet. > >
The current standpoint of the team maintaining the DB is to include signatures that also detect damaged viruses. These signatures are often used to detect e-mails that somehow "lost" the damaging part. This is to prevent users from getting bombarded with e-mails containing only nonsense. The problem with these damaged viruses is that in some cases creating a signature will increase the risk of false positives when the "leftovers" are minimal. In the case of Gibe.F it was necessary to collect enough samples to understand what was common between them. Because it is uncertain if the person behind Gibe.F copied the embedded images from Microsoft, it wasn't an option only to use these. Best regards, Diego d'Ambra ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
