The only reason that I care is that when there is hew and cry over a
massively destructive virus, I can point at my virus statistics and say
"oh, our AV calls CME-24 'worm.vb9' - we've been blocking it for weeks."
Then I don't have to worry about what name another group might give it,
and the PHB's will leave me alone for a little while longer.
has anyone ever noticed how much EXTRA work we sysadmins do for that
reason alone? There's a lot of cycles spent, collectively, to prove to
management what we already know.
I've just been asked if we're scanning for tomorrow's outbreak alert and
still have not found anything official. I've found in the mailing lists
that CME-24 is synonymous with worm.vb-8 and worm.vb-9 but it took some
digging. I know I for one would appreciate it if clamav participated in
the CME naming conventions as it would save me a lot of time.
I have yet to see so many AV vendors cooperate to this extent before.
I've scanned several major vendor's websites for cme-24 and they all
list among their aliases cme-24 in a prominent display.
I don't really see the harm aside from Mitre conspiracies. Just my $.02
-eric
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
