Derek Currie wrote:
> Greetings folks,
>
> This is a reply to a thread started way back in April of 2008 (when
> it used to have the unfortunate subject line "Non-Windoze Viruses").
>
> Concerning the controversy about whether Clamav has definitions for
> Mac OS X malware, I managed to find the answer is YES, but only sort of.
>
> It has been remarkably hard to find what malware are in Clamav's
> Definitions List. Persistent pounding of the net provided me with the
> answer, which was embedded in the earlier thread. You can do a
> search for what you want here:

I'm not sure I follow any of what you're saying. It makes no sense. It is and has always been trivial to know what the virus names are in ClamAV. But knowing that is nearly worthless just as knowing what the names of viruses are in Symantec's product. The names you see are guaranteed to apply only within the product they are found in. There is no naming standard.

The only way to know if an actual virus signature is in a product is to submit that virus to the product you are curious about. And even then there's no guarantee because there are variants of viruses that may or may not have multiple identities as when a single signature is found in multiple variants. If an AV product discovers several variants with a single signature there will be only one named signature where another product may have 5 different signatures that find only a single variant each.

There are a number of virus signatures in ClamAV that, because they were found first by the ClamAV people, were named by those same ClamAV people. It's not like there has always been a virus name clearing house for day 0 threats. There is no reason Symantec, TrendMicro, et al, are going to use that same name. In fact there is very little chance of it. They don't have a good history of sharing names among themselves.

And how can that even work? All companies that share a common virus name must develop signatures from the same exact virus in order to ensure they are all talking about the same virus. What are the chances that's always going to happen? There is a competitive advantage in not doing it, in fact. If you're first to market with a new signature you put that on your front page because you have an exclusive signature. That's free advertising when all the pundits and news rooms start spreading it around.

There has been no successful attempt to standardize on names for viruses for which signatures have been found that I am aware of. I don't care because names are meaningless except to the press.

There have been efforts at creating cross-reference tables for virus names but lordy what a waste of time.

If you have actual OS X viruses that can be submitted to ClamAV's signature team then provide them. I run only Mac desktops but run ClamAV on my Unix MTAs because it's the right thing to do. I've never seen a virus that targets Mac systems specifically so have no possibility to contribute to the effort.

It would be very useful to know not what the virus names are, but what if any resources are committed to locating and identifying Mac malware. Does the ClamAV group have OS X spam traps running anywhere? Maybe so, maybe not. If not then you have a legitimate gripe. Do they have Mac systems to evaluate viruses? Maybe so, maybe not. Again, if not then there's reason to gripe. If a Mac malware submission comes in on their web page do they have the capability to evaluate it? I don't know. Do you?

dp