Kelson wrote: > John Rudd wrote: >> But, without a coherent and explicit name convention, the rules for >> doing so would be so complex as to be not be worth the effort in writing >> them. In some cases, it's even ambiguous as to which of the above >> categories a given message falls in to. > > Or, alternatively, a piece of metadata associated with each signature > that indicates its category, which is returned as part of the results. > > Advantage: conceptually cleaner than messing with the name. > Disadvantage: need to change calling methods to handle another return > field; need to decide on categories; will eventually need to add categories. >
I would be fine with a metadata solution, but part of that information is clearly already being put into the virus name; if you start to put it into metadata, then the virus name might as well just be a number. And, the infrastructure for getting that metadata should be very easy to work with (a well documented argument to clamscan/clamdscan, a well documented set of calls into libclamav, and a well documented set of calls into the various scripting interfaces to clamav). _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
