Silent virus & new mail worms...

Mariano Absatz mailscanner at LISTS.COM.AR
Mon Feb 9 15:30:46 GMT 2004


Hi,

Kevin Miller asked a few days ago about av-scanners identifying by means of
an option the e-mail borne virus so they could be automatically categorized
as "silent virus" by MS and appropriate action be taken (e.g. "Still deliver
silent viruses = no").
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0402&L=mailscanner&P=17196

Jason Balicki said Sophos is working on this (or so their PR people lie
about):
http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind0402&L=mailscanner&P=17462

I asked about this in the clamav list a few days ago (actually asking for
the virus database format, in case it already existed):
http://mail-archive.com/clamav-users@lists.sourceforge.net/msg04859.html

Fajar Nugraha suggested using the 'Worm.' prefix in the name of the virus to
identify them:
http://mail-archive.com/clamav-users@lists.sourceforge.net/msg04863.html

I don't know about other scanners, but they may also have a standard string
within their name implying it is a mail worm.

Now, Julian, would you consider this as a wished option?

It'd be a new option like this (configured for clamav):
Silent Viruses Regex: /^Worm\..*/

This way, we can immediately recognize new e-mail worms as 'Silent' and
process them appropriately...

I wouldn't eliminate the "Silent Viruses:" option, just in case.

TIA.


--
Mariano Absatz
El Baby
----------------------------------------------------------
In Heaven, the police are British, the chefs are Italian, the beer is
Belgian, the mechanics are German, the lovers are French, the entertainment
is American, and everything is organised by the Swiss.

In Hell, the police are German, the chefs are British, the beer is American,
the mechanics are French, the lovers are Swiss, the entertainment is Belgian,
and everything is organised by the Italians.
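
Added example (not part of the original message and not MailScanner code): a sketch of how the proposed "Silent Viruses Regex" could be applied to ClamAV output alongside an explicit silent list. The virus names, the sample report and the function names are constructed for illustration, and matching the explicit list by exact name is an assumption.

```python
import re

# Proposed option from the post, configured for ClamAV naming.
SILENT_VIRUSES_REGEX = re.compile(r"^Worm\..*")
# Stand-in for the existing explicit "Silent Viruses:" list (constructed name).
SILENT_VIRUSES = {"Example-Mailer-A"}

# clamscan reports an infection as "<path>: <signature name> FOUND".
CLAM_LINE = re.compile(r"^(?P<path>.+): (?P<name>\S+) FOUND$")

# Constructed sample scanner output.
SAMPLE_REPORT = """\
./msg1/document.pif: Worm.Example.A FOUND
./msg2/invoice.doc: Trojan.Example.B FOUND
./msg3/readme.txt: OK
./msg4/photo.scr: Example-Mailer-A FOUND
./msg5/a: b.exe: Worm.Example.C FOUND
./msg6/x.zip: Trojan.Worm.Example.D FOUND
"""


def parse_report(text):
    """Yield (path, virus_name) for each infected file in the scanner output."""
    for line in text.splitlines():
        m = CLAM_LINE.match(line.strip())
        if m:
            yield m.group("path"), m.group("name")


def is_silent(name):
    """Silent if explicitly listed, or if the name matches the regex.

    The regex is anchored at the start of the name, so 'Worm.' appearing
    later in a name (msg6 above) does not make the detection silent.
    """
    return name in SILENT_VIRUSES or bool(SILENT_VIRUSES_REGEX.match(name))


def classify(text):
    """Map each infected path to 'silent' or 'notify'."""
    return {path: ("silent" if is_silent(name) else "notify")
            for path, name in parse_report(text)}


if __name__ == "__main__":
    for path, verdict in classify(SAMPLE_REPORT).items():
        print(f"{verdict:7} {path}")
```

The naming prefix is specific to each scanner, so a regex written for ClamAV names will not classify detections reported by a different engine.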


