On Sep 11, 2005, at 10:07 PM, Thomas Hruska wrote:

I hate to crosspost, but since it appears no one reads the Win32 list, I switched my subscription to the main users list.

I've got ClamAV working and that is all good and fine. However, I looked in the archives of the clamav-users list and saw that still as of June 2005, ClamAV is completely uninterested in at least detecting spyware.

I have a problem with that.  Here is how I define a virus:

- A digital invasion of unwanted and undesired bits in a computer system designed to infiltrate and change the state in the system in a negative manner.

Here is how I define spyware:

- A digital invasion of unwanted and undesired bits in a computer system designed to infiltrate and change the psychological state of the user in a negative manner.

Frankly, I could care less if you don't remove spyware from a system with ClamAV. What I need is a _reputable_ scanner that works from the command line to _detect_ if a system contains spyware. Since ClamAV isn't apparently going to be that tool and Google isn't turning up a reputable command-line anti-spyware solution with sufficient options, I would appreciate a pointer to a tool that does this.

All I need is to have the tool tell me:

- Yes there is spyware on the system.
             OR
- No there isn't spyware on the system.

I don't need it to disinfect/remove/whatever - simply recognize that there is spyware, what file contains it, and display a notification as such on stdout.

Seems to me that this is something simple that ClamAV could easily implement in a very short amount of time. For those who don't want to scan for spyware, include a command-line switch to "turn off scanning for psychological manipulators (spyware, pranks, etc.)". However, since ClamAV is uninterested in doing anything even remotely simple like this, I need someone to point out a _reputable_ tool that is better than ClamAV that does psychological manipulator scanning from the command-line - preferably open source, but since nothing is turning up on SourceForge or Google, I'll be impressed if someone finds anything.

--
Thomas Hruska

What you're asking for sounds simple; however, how do you establish detection??

Currently what little there is that accomplishes this feat looks for specific files by name and watches specific ports in an attempt to determine what is spyware.

ClamAV currently has the ability to determine these things with some additional programming but then an additional database would have to be implemented to perform the matches of files and some extra coding to watch ports for activity with the ability to either check on the calling app or from a list of ports to not watch.

Then what will occur is that spyware writers will then target these ports making detection more difficult and change the name of the app.

Currently you are the spyware detector: you seek out these files and examine apps that access ports that you know shouldn't have activity. So if you want something, how about writing something and calling it ClamSPY???

-- Dale
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
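
The name-matching approach described in the reply above, and why a rename defeats it, as an added example that is not part of the original thread or of ClamAV. It goes beyond the reply by adding a content-hash check for comparison; the file names, sample bytes and hash list are constructed, and port watching is left out.

```python
import hashlib
import os
import tempfile

# Constructed indicator list: hypothetical file names, not real signatures.
KNOWN_NAMES = {"adhelper.exe", "toolbar_updater.dll"}

def sha256_of(path):
    """Hash a file's content in chunks so large files are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, names, hashes):
    """Return (path, reason) for each file matched by name or by content hash."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for filename in sorted(files):
            path = os.path.join(dirpath, filename)
            if filename.lower() in names:
                hits.append((path, "name"))
            elif hashes and sha256_of(path) in hashes:
                hits.append((path, "content"))
    return hits

def demo():
    """Build a constructed directory and scan it with and without hashes."""
    payload = b"constructed bytes standing in for an unwanted program"
    samples = {"adhelper.exe": payload, "renamed_copy.exe": payload,
               "notes.txt": b"benign text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        known_hashes = {hashlib.sha256(payload).hexdigest()}
        name_only = scan(root, KNOWN_NAMES, set())
        with_hashes = scan(root, KNOWN_NAMES, known_hashes)
    strip = lambda hits: [(os.path.basename(p), why) for p, why in hits]
    return strip(name_only), strip(with_hashes)

if __name__ == "__main__":
    for label, hits in zip(("name list only", "names + hashes"), demo()):
        print(label + ":", "Yes there is spyware" if hits else "No there isn't spyware")
        for filename, why in hits:
            print("  ", filename, "matched by", why)
```

The renamed copy is reported only when the hash list is supplied, which is the gap in name-based matching that the reply points out.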
