Rob MacGregor wrote: > On 10/14/07, Aniruddha <[EMAIL PROTECTED]> wrote: >> Thanks for the answers, does anyone know this for sure? > > Quoting the ClamAV home page: > > ...designed especially for e-mail scanning on mail gateways. > > So no, it's not designed to detect rootkits. >
I don't think it's designed to not detect them, either. All that is needed is some patterns to look for and which anyone can create. A problem you get into with this is you need to find patterns for a rootkit for your architecture. AIX running on a PowerPC machine is going to look quite a bit different than a rootkit for Tru64 running on an Alpha chip. I think a good installation of TripWire is probably as good or even a better way to find rootkits or any unwanted changes to the system area, though. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
