On Apr 6, 2004, at 4:31 PM, Eric Rostetter wrote:
Quoting jef moskot <[EMAIL PROTECTED]>:
On Tue, 6 Apr 2004, Eric Rostetter wrote:
But changing the name after the fact would just confuse people more.
I completely disagree. Hardcore Clam users are more likely to understand
the reality of the situation and realize that the ClamAV team has to call
the viruses SOMETHING. Usually, that's the same name everyone else uses,
but sometimes it isn't.
Great for netsky since almost everyone uses it. But what about viruses
that have multiple names from the other vendors and the media? For the
first week, SCO (clamd) was called novarg by most, until the media took
off with mydoom and that became the new name. Should clamav have migrated
along from SCO to NOVARG to MYDOOM just because the others came along
later and in that order?
That is the name that is popularized by the media after the fact...I think many "larger" AV vendors put the aliases in their virus encyclopedias online, don't they?
There's maybe a small amount of confusion for a couple days, and that's
that.
Most viruses don't last for more than a few days anyway, so this only applies to the rare cases (like lately with the virus wars over netsky et al).
Tell that to my web server...I still see hits from blaster...
But we are constantly being asked by casual (or new) users why ClamAV doesn't pick up Netsky
Yes, but the user is just being stupid. They are not getting infected with netsky, so obviously it is picking it up.
Hardly. Sometimes when justifying to the PHBs that ClamAV is just as good, if not better than, other solutions you need to answer the questions the PHBs get when they watch the evening news. It would be helpful if you could point them to a knowledge base article or encyclopedia from Clam saying "it's an alias for virus FooBar....says so right here, added on ya ya ya in database version X...and we're protected because our signature version is Y."
what the heck "SomeFool" is, etc. Many of those
You don't think you'll get that question even if you use the more common
name for viruses?
It's not the question, it's enabling users to easily find the answer. The question will still get asked, but seeing that most of the admins running ClamAV are hopefully a little more skilled than the average user, most of the questions should be answered at the local administrator level rather than the Clam team level. If the answer were a simple site lookup of an entry for a virus name that was cross-referenced (or put on a separate server that could be CVS'd or Rsynced for a local copy...)
On top of that, we have our database being freshclammed several times a day. Since most of the Windows viruses are now fully automated, what happens in the hours between a virus getting released and then discovered then added to the database then our server getting refreshed? Not everyone is running freshclam on the mail server...we're using it to scan incoming mail then forward the mail to our internal mail server. That means that if the WindowsDeath virus comes in before our database holds it, it will get to our internal servers...where a "backup scanner" has to catch it. Then we get into the aliases of viruses problem...we get a report of virus WindowFool being in the message. Are we protected now, it was just something that slipped in between updates? Or is it something we need to worry about? Or...?
The process becomes more time-consuming to verify than it needs to be. That's just the price to pay for a solution as flexible as ClamAV...
Other than some kind of issue with logging things by virus name, are there
any sensible reasons to not use the same name everyone else in the
computer community is using?
It adds overhead to a volunteer project. Let the other vendors have their fun renaming things with the proprietary name games. It would probably be easiest if the Clam group responded by just making an alias encyclopedia, in my opinion...
Also, as I've pointed out, not all the AV vendors agree on the names. It
usually isn't clamav against the world (as it appears with netsky). It is
more normal that there are 2, 3, or 4 other names for the virus. And you
never know which will become the most popular until days or weeks after
you name it.
worse are the games where a minor minor variant comes out, they slap a new name on it, and then promote their product as catching x,000 viruses while neglecting to mention that 200 of them are the same virus, only instead of having "screw you" embedded in it it has "screw you!", "No, screw YoU!",...etc. etc. etc.....
Oh well. That's my view, anyway...
-Bart
_______________________________________________
Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users