Re: [Clamav-users] Virus aliases
On Thu, 11 Mar 2004, Dave Ewart wrote:

> ClamAV is a fabulous project - wish I could find some way to contribute.

Well, there's always: http://clamav.net/donate.php#pagestart

Jeffrey Moskot
System Administrator
[EMAIL PROTECTED]

---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Re: [Clamav-users] Virus aliases
On Thu, 11 Mar 2004 07:52:44 -0800 "Mitch (WebCob)" <[EMAIL PROTECTED]> wrote:

> Maybe I spoke too soon... if you guys are already working on this great
> - how will aliases be identified and submissions be processed?
>
> I've heard that the bigger manufacturers often copy the first known
> name - is there a way to get in that peer group?
>
> Will the system handle multiple aliases in the event it occurs?

The idea is to include aliases in a signature and allow clamscan/clamd to print them optionally, e.g.

    clamscan foo
    foo: Worm.SomeFool FOUND

    clamscan --aliases foo
    foo: Worm.SomeFool W32.Netsky FOUND

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Thu Mar 11 19:41:13 CET 2004

RE: [Clamav-users] Virus aliases
> -----Original Message-----
> From: Tomasz Kojm
>
> On Thu, 11 Mar 2004 10:15:50 +
> Dave Ewart <[EMAIL PROTECTED]> wrote:
>
> > 2. Can the alias details be extracted from the .cvd files? If not
> > currently, is there any way to add this detail?
>
> Virus aliases will be supported in signatures in the near future.

Maybe I spoke too soon... if you guys are already working on this great - how will aliases be identified and submissions be processed?

I've heard that the bigger manufacturers often copy the first known name - is there a way to get in that peer group?

Will the system handle multiple aliases in the event it occurs?

Will the system identify the "owner" of the alias (like norton / sophos / etc.)

Thanks!

m/

RE: [Clamav-users] Virus aliases
> No idea how easy this would be to implement but here goes:
>
> As well as the virus signature databases, how about having an alias
> database which would contain a record for each virus, indicating its
> ClamAV name along with those used by the more mainstream AV software
> like Sophos, McAfee etc. Then have the scanning software (clamd etc.)
> accept a commandline switch to indicate your preferred naming. That way,
> if you also use Sophos/McAfee/whatever on internal servers you could get
> ClamAV to report an infection using the same naming as internally. Of
> course, as the Clam sigs are usually ahead of the rest, the aliases for
> a particular virus would all be set to ClamAV's chosen name. Then, as
> the other vendors get their signatures out the aliases could be updated
> accordingly.
>
> Workable/unworkable/insane idea?
>
> Paul

I like it! Should be quite simple to implement and very workable - depending on the will of the powers that be to maintain...

A little more complex idea would be to create a collaborative maintenance system allowing the users to update and complete the information - a simple voting system could accept multiple submissions from confirmed contributors as validation...

With such a database (downloadable like freshclam currently maintains regular virus db) we could issue warnings that make more sense to users of bigger name commercial products, and even generate links to their educational content on the virii...

The feeling I get is that clam detects the virus - generates the sig and done... Norton, etc. decode it and see what it does and then publish the info - when the link between the clam virus and the norton name is made (for example) a link to that content would let the clam user know what they found and what potential damage it could or might have already caused.

The developers of clam already have probably got their plates full with clam issues... I could (as I imagine many others) consider building and hosting something like this if there was enough support for it - thoughts?

Thanks!

m/

Re: [Clamav-users] Virus aliases
On Thursday, 11.03.2004 at 13:52 +0100, Tomasz Kojm wrote:

> On Thu, 11 Mar 2004 10:15:50 + Dave Ewart
> <[EMAIL PROTECTED]> wrote:
>
> > 2. Can the alias details be extracted from the .cvd files? If not
> > currently, is there any way to add this detail?
>
> Virus aliases will be supported in signatures in the near future.

Excellent news!

ClamAV is a fabulous project - wish I could find some way to contribute. At the moment, all I'm managing is word-of-mouth praise etc.

Cheers,

Dave.
--
Dave Ewart
[EMAIL PROTECTED]
Computing Manager, Epidemiology Unit, Oxford
Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370

Re: [Clamav-users] Virus aliases
On Thu, 11 Mar 2004 10:15:50 + Dave Ewart <[EMAIL PROTECTED]> wrote:

> 2. Can the alias details be extracted from the .cvd files? If not
> currently, is there any way to add this detail?

Virus aliases will be supported in signatures in the near future.

--
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Thu Mar 11 13:51:55 CET 2004

RE: [Clamav-users] Virus aliases
No idea how easy this would be to implement but here goes:

As well as the virus signature databases, how about having an alias database which would contain a record for each virus, indicating its ClamAV name along with those used by the more mainstream AV software like Sophos, McAfee etc. Then have the scanning software (clamd etc.) accept a commandline switch to indicate your preferred naming. That way, if you also use Sophos/McAfee/whatever on internal servers you could get ClamAV to report an infection using the same naming as internally. Of course, as the Clam sigs are usually ahead of the rest, the aliases for a particular virus would all be set to ClamAV's chosen name. Then, as the other vendors get their signatures out the aliases could be updated accordingly.

Workable/unworkable/insane idea?

Paul

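The alias lookup proposed in this thread, sketched as an added example (not code from any poster or from the ClamAV project): it rewrites clamscan's `path: name FOUND` report lines into a preferred vendor naming and falls back to ClamAV's own name when no alias is recorded yet. The `ALIAS_DB` layout, the `vendor_a` key, the `Worm.Example.A` record and the function names are assumptions; only the Worm.SomeFool / W32.Netsky pairing comes from the thread.

```python
import re

# Constructed alias records: ClamAV name -> {vendor key: that vendor's name}.
# "vendor_a" and "Worm.Example.A" are made up for illustration.
ALIAS_DB = {
    "Worm.SomeFool": {"vendor_a": "W32.Netsky"},
    "Worm.Example.A": {},  # new signature: no other vendor has named it yet
}

# clamscan reports each infected file as "<path>: <signature name> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.*): (?P<name>\S+) FOUND$")

# Constructed sample scan output.
SAMPLE_REPORT = [
    "foo: Worm.SomeFool FOUND",
    "bar: Worm.Example.A FOUND",
    "baz: OK",
]


def preferred_name(clam_name, vendor=None, db=ALIAS_DB):
    """Return the chosen vendor's alias, or ClamAV's name if none is known."""
    if vendor is None:
        return clam_name
    return db.get(clam_name, {}).get(vendor, clam_name)


def rewrite_report(lines, vendor=None, show_aliases=False, db=ALIAS_DB):
    """Rewrite FOUND lines; every other line passes through unchanged.

    show_aliases takes precedence over vendor and prints ClamAV's name
    followed by every known alias, as in the output sketched in the thread.
    """
    out = []
    for line in lines:
        m = FOUND_RE.match(line)
        if not m:
            out.append(line)
            continue
        clam = m.group("name")
        if show_aliases:
            names = [clam] + sorted(set(db.get(clam, {}).values()) - {clam})
        else:
            names = [preferred_name(clam, vendor, db)]
        out.append(f"{m.group('path')}: {' '.join(names)} FOUND")
    return out
```

Keeping ClamAV's name as the fallback means a scan result is never dropped or blanked when the alias data lags behind the signature database.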