Has anyone thought much about including metadata about viruses/worms? For instance, I'd like to develop a mail filtering application that will filter out infected files and deliver the rest of the email.
However, it doesn't make much sense to filter out Klez or other worms since the body of the message is useless. In this case it would be better to just drop (or reject) the entire message. Right now there is no deterministic way of deciding what to do in this case, resulting in system-wide policy being defined that is a best guess or often pessimistic.

The biggest problem I see is developing this information for the signatures already in the ClamAV database. However, maybe it is useful for future viruses and worms? Any opinions?

JE
