On 9/11/05, Thomas Hruska <[EMAIL PROTECTED]> wrote: > Thank you but I already know the tool doesn't exist or I wouldn't be > wandering around this forum. Since the tool doesn't exist, I found the > _closest_ possible tool to the tool I am looking for and ClamAV happens > to be that tool. You should be proud that your tool is just shy of > being able to do something system administrators around the world want > to be able to do. Imagine the joy a sysadmin could experience by being > able to remotely scan a thousand plus machines on the LAN, and, in a > matter of 30 minutes, know which ones have spyware or have a virus > installed all from one tool. Now I know this isn't what ClamAV was > designed for, but that's the sort of thing you have to expect from > software and users - the unexpected but creative uses for a product. > Given that it should only take a week or two to gather signatures from > the various spyware vendor binaries, I don't see why you all are so > adamant about not adding rudimentary detection. To me, spyware is a > virus. The only difference is that it wreaks havoc on the human psyche > instead of wreaking havoc on binary data. >
I am currently looking at doing the same thing. I have a set of boxes that I am planning to 'infect' with spyware and then start making signatures for them. It is a rather slow process at the moment.. -- Stephen J Smoogen. CSIRT/Linux System Administrator _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
