On 11/22/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hello All! > > I would like to know whether you plan to extend clamav with a "zero-hour" > like signatureless virus detection. Some info about the idea can be found > here: http://www.commtouch.com/site/OEM/zero_hour.asp
I am sorry but I fail to see what we could ever use this for also I have serious doubt about there claim that they are "proactively scanning the Internet " - they gotta have access to a hole lot of servers in order to do this. We could perhaps extend clam with certain heuristics allowing clam users to report suspicious code at a early stage for examination - but one problem with scanning heuristics is that they often rely one information gathered while researching the internals of a virus and thus if these characteristics are made public available virus writers will try to work around them. On the other hand programs like bogofilter, dspam and spamassaasin are very good at fighting spam even though they are open source so maybe there is room for a OSS heuristic scanner (although one could claim that writing a successful virus is far harder then writing Viagra in a email). Just my two Euro cents -- Lars Roland _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
