Julian Mehnle wrote: > The definition of what _I_ would like ClamAV to detect is: anything > that poses a technical thread, no matter whether it also poses a > social/fraud threat or not. That's a clear enough criterion, isn't it?
Again, that can be interpreted in different ways :) What is a technical threat? 1) Something which causes damage on the destination machine? 2) Something which pops up an annoying, but otherwise harmless message? 3) Something which replicates and just uses some of your bandwidth to propogate? 4) Something which prompts a luser to click on a weblink, and download a programme which, theoretically, has then bypassed segments of your filtering? This not meant as tardiness, but just to point out that the distinction is so blurry. Add to that personal and differing technical concepts and opinions, and the definition again changes. At the end of the day, the developers design it as they see fit. (Thanks for the software, chaps). If the standard database was segregated, some people would inevitably cock up their configs and run with partial protection. This can cause problems not only for themselves, but others, in the case of propogation. There is also the fact, and I am sure that I am not alone, in being very draconian. You control the machines, the users get what they are given :) A better proposition to your predicament would probably be to write an external programme/script which can remove user defined criterion from the database, thereby allowing for personal customisation. This would allow the standard database to cover everything as it does already. The benefit being that someone who does know enough about their requirements to then remove specific portions would not then be shooting themselves in the foot. Matt _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
