Jim Maul wrote:
I disagree. The "AV vendor" is the only entity capable of keeping such "meta data" about the virus Genus up to date. I'd love to see AVs say "this is virus XXX, and it is a mass-mailing virus".
This is not really a function of the av scanner, but rather a function of the program which is used to call the av scanner. clamav just says YES or NO it is a virus or isnt. Just as an example, im using qmail with qmail-scanner and clamav. qmail-scanner has the ability to define a list of mass mailing viruses to as to not send notifications to the sender.
ClamAV does add such details to the virus name - but I don't know how consistant it is.
Also, as Jim points out, the real issue these days is why send notifications at all? Almost all viruses are mass-mailing these days (I haven't seen a macro virus [that isn't a mass mailer] for several YEARS now), so it is WRONG to notify the sender - AS THEY DIDN'T SEND IT :-)
-- Cheers
Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
