Török Edvin wrote:
On 9/23/06, James Courtier-Dutton <[EMAIL PROTECTED]> wrote:
Hi,
I know that clamav is designed to scan emails well, and it does a very
good job of that. It can also scan files on the HD. In order to improve
the scanning of files on the HD, has anyone considered building a
signature database of know virus free executables. clamav could then do
a checksum on each file, if the checksum matches a known good signature
for that filename, it can skip scanning it for viruses.
Wouldn't that database of virus-free executables grow too much over time?
It might get large, but it would allow for fast lookups.
e.g. search database for filename X. return list of 5 signatures to
check against for that particular file.
One could also
then do reports of all the "unrecognised executables" and let the user
either manually accept an unknown executable,
What if the user accepts a virus as a 'virus-free' executable? Can we
trust the user to make that choice?
Edwin
There could be varying levels to "user". I could the the IT department
of a company, who has some of their own home grown applications. They
could add signatures for their own applications, but not allow the end
user to add their own signatures.
James
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
