On Fri, Jan 23, 2004 at 01:35:09PM -0500, Thomas Reinke wrote:
> I didn't see a decent response to my counter example previously.
> What is the difference between sending a command to a virus that
> you expect will disable it, and sending a "rm" command to an installed
> backdoor to remove a previously discovered virus file that you found on
> the system?

Because you probably want the logs for forensics analysis. If you start
to do forensics for the hundreds of thousands of computers infected
by beagle you will probably be late for dinner tonight.

> For the record, the only counter argument (which btw I mentioned
> as a possibility in the first message of this thread) is that there
> currently is no way of detecting ONLY - the removal command is the
> only way of detecting the virus right now.

Yes.

> But ...

No buts or ifs. Why don't you spend some time coming up with a better
detection method instead?

-- Renaud
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus