Take a look at http://www.whitehats.com for a precedent. They have free (as in IPR free) signatures for intrusion detection, usable by the likes of SNORT. With viruses as prevalent as SIRCAM, I think it won't be hard to let CERT, etc. release a malware signature string that you can plug into your engine.
