Dale Walsh wrote:
What your asking for sounds simple however, how do you establish detection??
Can't you use the existing signature scanning technology in ClamAV to identify known spyware vendors? Spyware vendors distribute either embedded libraries or have specific DLLs or EXEs - something is probably similar for each vendor to draw signatures from their toolkits. In fact, Lavasoft Adaware switched, a couple versions ago, to a signature database...very similar to how AV products work.
I'm not asking to be able to determine if a custom spyware solution is spyware. Just cover the major spyware vendors with signatures and that will catch about 80 to 90 percent of the most popular spyware enabled applications out there, which is "good enough" for my purposes.
-- Thomas Hruska _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
