On Mon, 15 Nov 2004 18:00:32 +0100 in
[EMAIL PROTECTED] "Julian Mehnle"
<[EMAIL PROTECTED]> wrote:

> Brian Morrison [EMAIL PROTECTED] wrote:
> > What I am suggesting is that, because you appear to have a
> > requirement that is significantly different from nearly everyone
> > else that has responded in this thread,
> 
> (I don't think you're judging the proportions correctly.)

I stand by the "nearly everyone else" statement that I made above. I
have seen two or maybe three comments that are on your side of the
discussion; neither seemed as exercised about it as you.

> 
> > you are in the best position to roll your own solution rather than
> > suggesting that ClamAV is changed to accommodate your requirement.
> > [...]
> > I find it really hard to understand why you want to do it as well, I
> > find that ClamAV kills the obvious signature-based phishing attacks
> > and SA spots those that ClamAV doesn't. Two lines of defence is fine
> > by me.
> 
> What I don't understand is that no one seems to be willing to discuss
> my proposal of making the signature database modular, i.e. offer
> social engineering attack signatures separately from technical attack
> ones for download and installation.  That would solve my and others'
> problem nicely, and would take _nothing_ away from those who don't
> care what ClamAV detects.

There are two problems:

1) Deciding which signatures are added to which database (which you will
care about and I will not, assuming I am using both of them)

and

2) It takes extra work for someone to make the decision, create the
separate databases etc.

As I see it, if you want to take up that task and provide the separated
signatures for download for those that wish to use them, then it is
possible to do that right now. ClamAV will use the .cvd and .ndb files
in the database directory you specify; it won't care about the way the
contents were generated.

If you do this, try it out, explain why it is better and then get it
reviewed and added into the mainstream ClamAV code, it would be because
it is a worthwhile addition for the general case. So far I'm not
convinced and I would add that I expect that spam, viruses, phishing and
social engineering threats will become effectively indistinguishable
from each other quite soon. If I'm right you will be swimming against
the current, but then it's up to you if you like to do that.

-- 

Brian Morrison

bdm at fenrir dot org dot uk

GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
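
The split discussed in the message above, sketched as an added example that is not part of the original post or of ClamAV's own code. It assumes .ndb lines in the Name:TargetType:Offset:HexSignature layout and a hypothetical rule that a name containing "phish" marks a social-engineering signature; the sample signatures are constructed.

```python
import os
import tempfile

# Assumption: a social-engineering signature is recognised by a marker in its
# name. This marker list is hypothetical, not a ClamAV naming rule.
SOCIAL_MARKERS = ("phish",)

# Constructed sample in the .ndb layout Name:TargetType:Offset:HexSignature.
SAMPLE_NDB = """\
Example.Phishing.Bank-1:3:*:6c6f67696e2e6578616d706c65
Example.Worm.Demo-1:1:*:4d5a90000300000004
Example.Trojan.Demo-2:0:*:deadbeef00112233

Example.Phishing.Shop-2:4:*:766572696679206163636f756e74
broken-line-without-fields
"""


def split_signatures(text, markers=SOCIAL_MARKERS):
    """Return (social, technical, rejected) lists of raw signature lines."""
    social, technical, rejected = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        # Name, target type, offset and hex body are mandatory.
        if len(fields) < 4 or not all(fields[:4]):
            rejected.append(line)  # never drop a signature silently
            continue
        name = fields[0].lower()
        bucket = social if any(m in name for m in markers) else technical
        bucket.append(line)
    return social, technical, rejected


def write_databases(text, outdir):
    """Write social.ndb and technical.ndb into outdir; return the counts."""
    social, technical, rejected = split_signatures(text)
    for filename, lines in (("social.ndb", social), ("technical.ndb", technical)):
        with open(os.path.join(outdir, filename), "w") as fh:
            fh.write("".join(l + "\n" for l in lines))
    return {"social": len(social), "technical": len(technical),
            "rejected": len(rejected)}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(write_databases(SAMPLE_NDB, tmp), sorted(os.listdir(tmp)))
```

The rejected count matters operationally: a line that fits neither output file is a signature that would otherwise vanish from both databases.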
