Hello Markus, Le jeudi 1 Septembre 2005 17:47, Markus Beck a écrit : > Hello everybody, > > which techniques are implemented in clamav so far as to recognize > little derivates of malware? I'm thinking about versions of > Phatbots using only e.g. different IRC-Channels: Wouldn't be their > signatures different, too?
The signature should be the most generic as possible, without handling false positives. There is different techniques to create a signature. One is to base the signature against the executable code of the malware. In that way, many different variant (e.g. different IRC-Channels used in this case) could be caught. -- Cordialement, Arnaud Jacques Consultant Sécurité Téléphone / Fax : +33-(0)3.44.39.76.46 Portable : +33-(0)6.24.40.95.03 E-mail : [EMAIL PROTECTED] Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois _______________________________ _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
