Hi!

7-Jan-2005 18:46 [EMAIL PROTECTED] (Lionel Bouton) wrote to ClamAV users
ML <clamav-users@lists.clamav.net>:

>>1. When (I hope, not "if") will disinfection be implemented?
LB> disinfection is implemented by your backup software, just restore the
LB> last backup to restore infected files clamav will delete. If you don't
LB> have any backup you have huge problems nobody can help you with...

     Let me rephrase: ClamAV currently misses a useful feature and will never
implement it? :( Of course, backup is a good thing, but what happens, for
example, if ClamAV removes (instead of disinfecting) the backup program itself?
Also, there are some law-related things: some countries (like the USA, with
the DMCA) _prohibit_ backing up...

     Well, I see your point. I wholeheartedly disagree with it (for us, life
has proved that you are mistaken here), but I will not (currently) debate this
(even though this will leave a lot of users unfortunate).

>>2. How are viruses handled which affect not only files (there are a lot of
>>   ways:
>>- boot-viruses;
LB> they don't work with windows.

     At least, they work with DOS. Win9x/ME runs over DOS.

LB> Your PC won't boot anymore :

     Wrong. The PC _will_ boot with (most) boot viruses (like it boots with
programs like "drive overlay" from Ontrack).

LB> restore backups or use fdisk /mbr.

     "won't boot ... use fdisk".

     As I understand it, ClamAV doesn't cure (and this is never possible with
the present ideology) the OneHalf virus?

>>- modifying batch/scripts/source files;
LB> detected.
>>- adding Run keys in Windows registry;
LB> restore backups.

     :(

>>- modifying other vital Registry keys
LB> restore backups.

     Especially when, after ClamAV removes an infected file, Windows will not
boot/work correctly (because of the vital keys in the given case)... Fine
proposal. :(

>>).
>>3. How are viruses handled which don't modify files (like NIMDA)?
LB> Use a firewall, apply security fixes.

     It will be too late when the virus has already infected the system (for
example, through a newly discovered hole in the system which is not yet
protected by any firewall/fix).

LB> From what I read in your post, you
LB> seem to be mistaking AV solutions for a full-fledged security policy
LB> involving AV solutions as an item among others.

     An antivirus, as in real life (from which the programs got their name),
should detect and remove the virus. It would be strange if a drug, instead of
curing you, killed you as a virus carrier which is "impossible" to cure back
to the "original state". On the other hand, backup may complement AV, but
can't _replace_ it - for example, you can't (in current real life)
_immediately_ back up every change in your programs and documents (which,
"thanks" to MS, may also be infected, as may many other _data_ formats). So it
is _very probable_ that even with backups you "cure" from a backup that is far
from the most recent edition. The same goes for firewalls and other security
things: they can't replace a full-featured AV, which is the last level of
defence and protects you when a virus gets around the above levels.

     Strange that I should have to explain such trivial concepts here. Sorry,
maybe I was misled by the program name ("antivirus"), which is probably used
instead of something like "mail scanner with rudiments of an independent AV
program" (at least, I got it mentioned three times that ClamAV is oriented
only towards scanning mail).


_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users