On Mon, 3 Nov 2003 22:05:02 +0100 "Mark" <[EMAIL PROTECTED]> wrote:
> The sourcemashine is a LINUX which is infected and the target mashine
> is an oBSD with compat_linux in the kernel.
> So let's think about this situation..
> We will take the worst case: All copies of the file are infected on
> the sourcemashine. Sourcemashine hasn't an AV.
> So now my "friend" tux sends me a mail with the file. My Clam-AV
> detects"Hey this file is very very suspect. It's infected with
> unix.take_more_then_2_seconds_to_think_about_a_topic.worm".
> So what should my friend do?
> Should he delete the file and all copies?
> And then? He has to reinstall the OS couse ClamAV wa snot able to
> clean it. What's if the file is very importend?
I think he should reinstall the whole system, create file checksums and
install ClamAV. Or (if your friend was clever enough) reinstall
everythin from a backup.
> Or another example like the first one:
> Both Computer use Clam-AV but the virus/worm is only detecable after
> the last update of the virii-db.
> So what should I and "tux" do know?
Reinstall infected files from a backup.
> If ClamAV will not be able to clean the system/file in the next
> versions it's completly senseless for the mass.
I will only be able to clean M$ Office files.
> If I've to buy Kaspersky for *NIX I dosn't need ClamAV and if I've
> Kaspersky I will send new viruses to Kaspersky and NOT to clamAV couse
> Kaspersky found mostly ways to clean a file.
Thanks to our Users, with last big outbreaks we were much faster than
most commercial vendors. I think it's still a good idea to have ClamAV
installed.
> I wrote an mail to the developers of ClamAV (compare my archive with
> the archive of the developers..) but I dosn't get a response.
> That's proof enough for me and it shows me how much some people care
> about a full functional VirusDB.
This is NOT TRUE. Here are the headers from my Sylpheed:
Date: Thu, 16 Oct 2003 04:49:44 +0200
From: Tomasz Kojm <[EMAIL PROTECTED]>
To: "Mark" <[EMAIL PROTECTED]>
Subject: Re: Maybe a chance to support ClamAV...
Message-Id: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-debian-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Fortunately I used Tomasz Papszun's server so we can ask him for the
original logs.
> Don't misunderstand me I love OpenSource and I respect the work of the
> team of ClamAV!
> Yes I do! And I would spend my complete Archive if ClamAV is able to
> clean anything...
> But so I wanna trade (only) with the developers and I think it's fair.
> But it seams that they wont even if they could.
Never trust free mail accounts.
> mfg. Mark (aka Rembrandt..)
Best regards,
Tomasz Kojm
--
oo ..... http://www.clamav.net/gpg/tkojm.gpg
(\/)\......... 0DCA5A08407D5288279DB43454822DC8985A444B
\..........._ Tue Nov 4 01:09:01 CET 2003
//\ /\
pgp00000.pgp
Description: PGP signature
