> Seems like AV companies need to start using more advanced 
> pattern matching to catch these variants, rather than relying 
> on specific signatures.

It's only a question of time before AV engines run a virtual PC sandbox
and start the suspicious file inside it. If certain actions are taken, like
outgoing SMTP connections, registry changes, or changes in the %windir%
directory structure, it's very suspicious.

Regarding the BANNAME-DNS idea:

First of all, in my opinion it should be replicable across multiple servers
in order to avoid failures due to overload and DDoS attacks.

Adding additional file properties like file size and CRC checksums is a good
idea. Who has the knowledge to set up such a DNS structure?

Who can develop an external test that is able to extract all attached file
names (full MIME-type support needed, or based on the temporary directory
created by declude.virus)?

Should it be an external test for d.junkmail in order to have many more
possibilities, or should it act like an AV scan engine with simple result
codes and a report file that is able to give the feedback as a virus name, like
"file ... is a possible virus"?

Markus



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
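
The attachment extraction asked about in the message above, as an added example that is not part of the original post or of Declude: it walks a MIME message, decodes each named part, and returns file name, size and CRC32. The zone name and the `crc.size.zone` query layout are assumptions made for illustration, since the post does not define the DNS structure.

```python
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

ZONE = "banname.example.invalid"  # hypothetical zone, not a real service


def build_sample() -> bytes:
    """Constructed sample message: a text body plus two attachments."""
    msg = EmailMessage()
    msg["From"] = "a@example.invalid"
    msg["To"] = "b@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # Double extension, as commonly seen on mail-borne malware.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="document.txt.pif")
    # Non-ASCII name: serialised as an RFC 2231 filename*= parameter.
    msg.add_attachment(b"hello\n", maintype="application",
                       subtype="octet-stream", filename="r\u00e9sum\u00e9.zip")
    return msg.as_bytes()


def attachment_fingerprints(raw: bytes):
    """Return (filename, size, crc32) for every named leaf part.

    walk() also descends into nested multipart and message/rfc822 parts,
    so attachments of forwarded messages are included.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded names
        if name is None or part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undo base64 / QP
        found.append((name, len(data), zlib.crc32(data) & 0xFFFFFFFF))
    return found


def query_name(size: int, crc: int, zone: str = ZONE) -> str:
    """Hypothetical lookup name: <crc32 hex>.<size>.<zone>."""
    return f"{crc:08x}.{size}.{zone}"


if __name__ == "__main__":
    for name, size, crc in attachment_fingerprints(build_sample()):
        print(f"{name!r:24} {size:6d} bytes  {query_name(size, crc)}")
```
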
