On Fri, Jan 07, 2005 at 01:12:02AM +0000, Thalador Du'Fosnee wrote: > Ok, let me get this right. Clamav cannot clean? What good is it? >
"Cleaning" of viruses is a marketing ploy. Very few viruses in recent years "infect" files, they overwrite the good data in the file with their own code. There is nothing left after "cleaning" but a corrupted file. The days when a virus would simply add x number of bytes to the end of a file are long gone. The vast majority of email-borne viruses exist only to create more emails containing copies of itself. There is nothing to clean, and no point in delivering a "we saved you from another virus" notice to the recipient, certainly no notice should be sent to the forged sender address. So a lightweight, dependable, free program that detects viruses so you can take whatever action you see fit is very valuable - especially when you consider the impressive response time of the virus database maintainers. This is most effective when used with some "glue" program that decides what to do when a virus is found. With email, clamav-milter, amavisd-new, qmail-scanner are some popular choices. The sysadmin tells the glue program what to do when a virus is found according to local policy - 550 reject during SMTP, discard, quarantine, all these options are available within popular glue programs. Future versions of clamav may be able to disinfect MS Office documents, but I don't see any point in even trying to disinfect an executable file. The commercial products get this wrong often enough that anyone with an infected executable would be well advised to restore from a known good source rather than trust the file is back in its original condition. -- Noel Jones _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
