Clamav signature generation

Tony Johansson tony.johansson at SVENSKAKYRKAN.SE
Fri Jan 30 12:43:27 GMT 2004


>
>I hope this puts things into perspective.
>
>Phil

Well yes, but that's not the issue here.
I'm looking for a way (without putting all viruses in quarantine) to store
files that are flagged as viruses by scanners other than Clamav.

I could then submit this file to Clamav or produce my own signature.

Regards, Tony




>
>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Tony Johansson
>> Sent: 29 January 2004 18:38
>> To: MAILSCANNER at JISCMAIL.AC.UK
>> Subject: Clamav signature generation
>>
>>
>> These are the times when antivirus companies had a virus definition for
>> Mydoom.A:
>> (I don't know how accurate they are, I got them from a source at F-Secure)
>>
>> McAfee (BETA) 2004-01-26, 22:20
>> F-Secure (BETA) 2004-01-26, 22:36
>> Symantec (BETA) 2004-01-26, 23:00
>> F-Secure 2004-01-26, 23:09
>> F-Prot 2004-01-26, 23:30
>> Trend Micro 2004-01-26, 23:35
>> Norman 2004-01-27, 00:05
>> Kaspersky 2004-01-27, 00:30
>>
>> At our site, Clamav found the first Mydoom.A at 2004-01-26 22:02, this time
>> beating all the above commercial scanners. Clamav obviously did great this
>> time, but on other occasions they have been far behind.
>>
>> Is there a way to redirect a file that's been flagged as a virus by one or
>> more scanners but not by clamav? It could be put in a special quarantine or
>> submitted automatically to
>> http://www.nervous.it/~nervous/cgi-bin/sendvirus.cgi
>>
>>
>> Clamav would have the power of all scanners supported by MailScanner,
>> possibly never being beaten by more than one or two commercial scanners...
>>
>> One could argue that there's a moral dilemma here, using the output from one
>> scanner to benefit another but I've seen nothing prohibiting this in the
>> license agreements I've read.
>>
>> regards, Tony
>>


