Hi,

As I understand, we don't have a solution today for zero-hour viruses. 
When there is a new virus outbreak, the ClamAV team works out the signature 
of this virus & provides this info in the next signature database update. 
There is generally a time gap between the time the ClamAV team becomes 
aware of a virus outbreak & the time the signature update is released. 
Could be anywhere between 2 hours and 15 days?

As soon as the ClamAV team is aware of a virus outbreak, is it possible 
to publish an update which contains: whether a virus update is 
impending, virus risk level (low, medium, high), risk description? In 
the same way freshclam listens for signature updates from the clam data 
center, it can listen for this new information too.

With this feature, it is possible for server anti-virus filters or 
gateway virus proxies to provide a feature like:
     If a virus signature of certain risk level is impending, 
     restrict web access to only business-critical applications or devices.
     If a virus signature of certain risk level is impending, accept 
     SMTP connections to only business-critical mailboxes.

Such a feature helps administrators to at least mitigate the zero-hour viruses.
Please let me know your comments.


Thanks,
Babu



Intoto Inc. 
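
The proposal above, sketched as an added example that is not part of the original message and not ClamAV code: a gateway parses an outbreak advisory and accepts SMTP recipients only for business-critical mailboxes while a sufficiently risky advisory is impending. The advisory format, field names, function names and the 15-day expiry are assumptions; ClamAV publishes no such feed.

```python
# Added illustration: the advisory format and all names here are hypothetical.
from dataclasses import dataclass
from datetime import datetime, timedelta

LEVELS = {"low": 1, "medium": 2, "high": 3}
MAX_AGE = timedelta(days=15)  # assumed expiry so a stale advisory cannot restrict mail forever

@dataclass(frozen=True)
class Advisory:
    impending: bool
    risk: str
    description: str
    issued: datetime

def parse_advisory(text):
    """Parse 'key: value' lines; raise ValueError on malformed input."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        fields[key.strip().lower()] = value.strip()
    try:
        risk = fields["risk"].lower()
        if risk not in LEVELS:
            raise ValueError(f"unknown risk level: {risk!r}")
        issued = datetime.fromisoformat(fields["issued"])
        return Advisory(fields["impending"].lower() == "yes", risk,
                        fields.get("description", ""), issued)
    except KeyError as missing:
        raise ValueError(f"missing field: {missing}") from None

def restricted(adv, threshold, now):
    """True while an unexpired advisory at or above the threshold is impending."""
    if adv is None or not adv.impending:
        return False
    if now - adv.issued > MAX_AGE:
        return False
    return LEVELS[adv.risk] >= LEVELS[threshold]

def accept_rcpt(rcpt, critical, adv, threshold, now):
    """SMTP RCPT decision: in restricted mode only business-critical mailboxes pass."""
    return not restricted(adv, threshold, now) or rcpt.lower() in critical

# Constructed sample advisory (not a real ClamAV message).
SAMPLE = """impending: yes
risk: high
description: mass-mailing worm, signature in preparation
issued: 2006-05-01T10:00:00+00:00"""
```

Such a feed would need the same authenticity protection as the signature databases, which ClamAV distributes digitally signed; an advisory that anyone can forge lets an outsider switch the gateway into restricted mode at will.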
