Bowie Bailey wrote:
Dennis Peterson wrote:
Christoph Cordes wrote:
Dennis Peterson wrote:
I already know the question is difficult, but it isn't impossible
to answer as there are other AV vendors who have a solution for
this particular problem if the article is to be believed.
So you want to know if the ClamAV Team monitors an infected system
to get hands on the files in case the malware is updated by the
maintainer - right?
If this is the question, the answer is: No, we donĀ“t.
That's not the question. The question as asked by management is "Why
does ClamAV report it doesn't catch this virus while these others do?"
and my answer is "I don't know - and the ClamAV people don't know,
either".
While it's the truth, neither of us looks real good now, and I haven't
even mentioned that nobody at ClamAV seems particularly proactive
about looking into it. That will remain our little secret for now.
I'm sure the ClamAV guys will be glad to look into it if you can
provide a copy of the virus. However, until someone can provide the
virus sample, we really don't know what they were testing and thus
nobody can give any definitive answers.
Then perhaps one of them would consider getting in touch with Mr.
Stewart at secureworks.com who appears to have exactly what they need.
It could even lead to another article where ClamAV looks a little better
and raises fewer questions.
All I can tell you is that I have ClamAV running on my mailserver and
Symantec on the desktops (both are updated constantly). ClamAV
catches stuff all the time. I don't remember the last time something
got through and was caught by Symantec.
I don't have any complaints with ClamAV - I like it. I just have this
one question I'd like to see answered. It is entirely possible, for
examaple, that ClamAV did not catch this virus because the infected file
was a broken stub file that had only parts of the virus remaining. In
otherwords it wasn't malware at all because it cannot function. Some AV
tools will reject broken viruses, some don't.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
