Hi,

As I understand, we don't have a solution today for zero-hour viruses. When there is a new virus outbreak, the ClamAV team works out the signature of this virus and provides this info in the next signature database update. There is generally a time gap between the time the ClamAV team becomes aware of a virus outbreak and the time the signature update is released. Could be anywhere between 2 hours to 15 days?
As soon as the ClamAV team is aware of a virus outbreak, is it possible to publish an update which contains:

- whether a virus update is impending
- virus risk level (low, medium, high)
- risk description

In the same way freshclam listens for signature updates from the clam data center, it can listen for this new information too. With this feature, it is possible for server anti-virus filters or gateway virus proxies to provide a feature like:

- If a virus signature of a certain risk level is impending, restrict web access to only business-critical applications or devices.
- If a virus signature of a certain risk level is impending, accept SMTP connections to only business-critical mailboxes.

Such a feature helps administrators to at least mitigate the zero-hour viruses. Please let me know your comments.

Thanks,
Babu
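
A sketch of the gateway-side policy proposed in the message above, as an added example that is not part of the original message and not ClamAV or freshclam code. The advisory record format, its field names, the threshold parameter and the mailbox addresses are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Set

RISK_ORDER = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Advisory:
    impending: bool    # a signature update is being prepared
    risk: str          # "low", "medium" or "high"
    description: str

def parse_advisory(text: str) -> Advisory:
    """Parse a hypothetical 'key: value' advisory record, rejecting malformed input."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields[key.strip().lower()] = value.strip()
    risk = fields.get("risk", "").lower()
    if risk not in RISK_ORDER:
        raise ValueError(f"unknown risk level: {risk!r}")
    impending = fields.get("impending", "").lower()
    if impending not in ("yes", "no"):
        raise ValueError(f"impending must be yes or no, got {impending!r}")
    return Advisory(impending == "yes", risk, fields.get("description", ""))

def accept_recipient(advisory: Optional[Advisory], recipient: str,
                     critical: Set[str], threshold: str = "high") -> bool:
    """Accept all recipients normally; while an update at or above the
    threshold is impending, accept only business-critical mailboxes."""
    restricted = (advisory is not None and advisory.impending
                  and RISK_ORDER[advisory.risk] >= RISK_ORDER[threshold])
    return (not restricted) or recipient.lower() in critical

# Constructed sample advisory and mailbox list (not real data).
SAMPLE = """impending: yes
risk: high
description: mass-mailing worm, signature in preparation"""
CRITICAL = {"orders@example.com", "noc@example.com"}

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE)
    for rcpt in ("orders@example.com", "staff@example.com"):
        print(rcpt, "accept" if accept_recipient(adv, rcpt, CRITICAL) else "defer")
```

A malformed or unrecognised record raises `ValueError` rather than silently changing policy, so the caller decides whether to keep the previous state or fall back to normal operation.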