On 1/29/06, Mar Matthias Darin <[EMAIL PROTECTED]> wrote:
>
> If this methodology catches 80% of viruses, then it is indeed worth the
> investment, if it catches only 20%, is the approach still worth the time and
> resources to develop, refine, and maintain it.

At the proxy level it should work reasonably well (keeping in mind
that clamav is aimed at catching email viruses).  I've used products
that work that way before.

As a packet scanner I'd be surprised if it ever amounted to much.  The
technical problems are rather large :)  Off the top of my head:

1) You'd need to decode the packet contents on the fly
2) Anything running over 1 packet would never be spotted
3) By the time the packet has gone by, it's probably already too late
4) If you run inline the delays will be significant

> It is this line of thinking that I am interested in, is virus scanning
> single packets worth the cost of production.....  Not whether it can be done
> or rude and inconsiderate comments from individuals that obviously missed
> the intent of the question.

Ultimately that's a business decision, not a technical one.

--
                 Please keep list traffic on the list.
Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
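
Point 2 in the list above, shown as an added example that is not part of the original message or of ClamAV: a matcher that looks at each packet in isolation misses a pattern split across a packet boundary, while one that carries the last len(signature)-1 bytes forward finds it. SIGNATURE, the payloads and both function names are constructed for illustration, and the sketch assumes payloads arrive in order and already decoded.

```python
# Added illustration; SIGNATURE and all payloads below are constructed sample data.
SIGNATURE = b"CONSTRUCTED-TEST-PATTERN"


def scan_per_packet(packets, signature=SIGNATURE):
    """Return indexes of packets that contain the whole signature on their own."""
    return [i for i, payload in enumerate(packets) if signature in payload]


def scan_stream(packets, signature=SIGNATURE):
    """Return stream offsets of matches, carrying a tail across packet boundaries."""
    keep = len(signature) - 1   # longest prefix that can still be incomplete
    tail = b""                  # bytes retained from earlier packets
    consumed = 0                # payload bytes seen before the current packet
    hits = []
    for payload in packets:
        window = tail + payload
        base = consumed - len(tail)        # stream offset of window[0]
        start = 0
        while (pos := window.find(signature, start)) != -1:
            hits.append(base + pos)
            start = pos + 1
        consumed += len(payload)
        # The tail is shorter than the signature, so a match is never reported twice.
        tail = window[-keep:] if keep else b""
    return hits


if __name__ == "__main__":
    data = b"A" * 10 + SIGNATURE + b"B" * 10
    split = [data[:18], data[18:]]         # boundary falls inside the signature
    print("per-packet, unsplit:", scan_per_packet([data]))
    print("per-packet, split:  ", scan_per_packet(split))
    print("stream, split:      ", scan_stream(split))
```

The carry-over costs per-connection state, and a real inline scanner would also have to handle reordering and retransmission before this step.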
