On Wed, 14 Apr 2004, Bart Silverstrim wrote: > On Apr 13, 2004, at 7:16 PM, jef moskot wrote: > > Personally, I don't understand why this particular name has not been > > changed, given the prevalence of this worm. > Statistics being broken, it would create "transient" viruses that in > reality were just renamed, adds to the cruft of multiple names floating > around in lists and search engines,....
I'm only talking about the seriously ridiculous differently-named worms here. Let's say, for example, one we're all probably receiving (at least) a couple hundred of each day. (I don't even think there's another example in the ClamAV database.) The "broken statistics" argument is the only one I think carries any weight. I personally don't care about this one, and even if I did, it doesn't sound like anything that can't be fixed with a simple search and replace, but I understand how this could be a big deal for some of us. If you want to get rid of "cruft", eliminating "SomeFool" would be a good way to do it. Actually, I think it should have been done a long time ago, once it became obvious that this one's going to be with us for a long time. To me, the only question is: is the continuing confusion worse than the work necessary to change those databases? I don't suppose we actually have the data to answer that question. But, as I said before, if a new user who is considering using ClamAV checks to see if the worm that's currently slamming his server is detected by ClamAV and he does the most reasonable search possible, it's going to look like ClamAV doesn't do the job. If another crappy magazine reviews ClamAV, a hack writer could check the database and write "Ha, it doesn't even catch Netsky!". I think a concern with image is legitimate. Calling a well-known worm something else for no immediately obvious purpose (yes, it makes sense when you explain it to someone, but most users wouldn't get that on their own) makes the product seem a little dicey. It might make admins ask, "Should I put nonconformist software on my production server?" > A central repository of cross-references would probably be the best and > most resilient solution. I definitely agree, but that's a lot of work. I know I keep saying the same thing here (and I'll stop now, if nothing new is brought up), but this seems like a real no-brainer to me. It might be different if we weren't constantly getting questions on this list the whoel SomeFool/Netsky issue. I just don't understand why we're insisting on going against the grain on this one... Sorry to go on about this so much, because it really is a minor point, but it seems like we're being a little silly with this one. Jeffrey Moskot System Administrator [EMAIL PROTECTED] ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users