> Since when? As long as I've been using it, it's been a detection-only > system. The frameworks that use ClamAV (milter, amavisd, etc) handle the > quarantining. All ClamAV does is say "file good" or "file bad".
I guess it depends on how you use/implement ClamAV on your system. When you install ClamAV on *nix, you will find a utility that implements libclamav called clamscan: clamscan --remove[=yes/no(*)] Remove infected files. Be careful! clamscan --move=DIRECTORY Move infected files into DIRECTORY clamscan --copy=DIRECTORY Copy infected files into DIRECTORY On Wed, May 12, 2010 at 12:25 PM, Freddie Cash <fjwc...@gmail.com> wrote: > On Wed, May 12, 2010 at 9:01 AM, Alain Zidouemba > <azidoue...@sourcefire.com>wrote: > >> > ClamAV can only detect malware, it does not clean or even quarantine >> > anything. >> >> ClamAV does not just detect malware, it can can quarantine it. > > > Since when? As long as I've been using it, it's been a detection-only > system. The frameworks that use ClamAV (milter, amavisd, etc) handle the > quarantining. All ClamAV does is say "file good" or "file bad". > > >> > And it's geared toward e-mail, which means the focus of the AV DB will be >> > threats that use e-mail as an attach vector. As such, you won't >> signatures >> > in the DB for things like boot sector viruses, or rootkits, or things >> like >> > that. >> >> The focus of the AV DB is not just threat that use email as an attack >> vector, but rather malware that can make its way to end-users >> machines, regardless of the vector or attack. >> > > That could be, although everything I've seen on this list has been that > ClamAV is geared toward e-mail-based malware. > > -- > Freddie Cash > fjwc...@gmail.com > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
