Silent virus list, was: Palyh-A virus
Richard Siddall
richard.siddall at ELIRION.NET
Mon May 19 19:07:48 IST 2003
Steve Evans wrote:
> I agree with moving the silent virus list to a file. I also think that
> file should be updated like the virus scanners IDE's are updated.
>
I would second that.
Don't we have several problems to overcome?
1/ The silent virus list changes.
Solution: do automatic updating.
1a/ Someone has to maintain the list.
Solution: ?
2/ Different virus scanners use different names for viruses.
Solution: provide one file per virus scanner?
3/ Some viruses disguise the name of the sender.
Solution: group viruses by the algorithm used to recover the email
address of the infected computer's owner. "Silent" just means there is
no such algorithm. For really old viruses, the algorithm is to use the
sender's e-mail address. For other viruses, it's remove the leading
underscore. (We blocked W32/Magistr.32768 at mm last week; it looked like
the virus changed the first letter of the sender's name from an 's' to a
't'.)
Regards,
Richard.
More information about the MailScanner
mailing list