From clamav-users-bounces@lists.clamav.net Mon Sep 12 04:06:06 2005 Return-Path: X-Original-To: list@krisma.oltrelinux.com Delivered-To: list@krisma.oltrelinux.com Received: from [127.0.0.1] (krisma [127.0.0.1]) by mail.oltrelinux.com (Postfix) with ESMTP id 3F4C811B264; Mon, 12 Sep 2005 04:05:50 +0200 (CEST) X-Original-To: clamav-users@krisma.oltrelinux.com Delivered-To: clamav-users@krisma.oltrelinux.com Received: from U15187375.cubiclesoft.com (u15187375.onlinehome-server.com [217.160.255.148]) by mail.oltrelinux.com (Postfix) with ESMTP id DDBDE11B249 for ; Mon, 12 Sep 2005 04:05:41 +0200 (CEST) Received: from [192.168.0.101] ([24.11.219.211]) by cubiclesoft.com with MailEnable ESMTP; Sun, 11 Sep 2005 22:05:38 -0400 Message-ID: <4324E2EB.60505@cubiclesoft.com> Date: Sun, 11 Sep 2005 22:07:39 -0400 From: Thomas Hruska User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: clamav-users@lists.clamav.net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: [Clamav-users] Spyware detection... X-BeenThere: clamav-users@lists.clamav.net X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ClamAV users ML List-Id: ClamAV users ML List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: clamav-users-bounces@lists.clamav.net Errors-To: clamav-users-bounces@lists.clamav.net X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at krisma.oltrelinux.com X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=6.0 tests=BAYES_50 X-Spam-Level: I hate to crosspost, but since it appears no one reads the Win32 list, I switched my subscription to the main users list. I've got ClamAV working and that is all good and fine. However, I looked in the archives of the clamav-users list and saw that still as of June 2005, ClamAV is completely uninterested in at least detecting spyware. I have a problem with that. Here is how I define a virus: - A digital invasion of unwanted and undesired bits in a computer system designed to infiltrate and change the state in the system in a negative manner. Here is how I define spyware: - A digital invasion of unwanted and undesired bits in a computer system designed to infiltrate and change the psychological state of the user in a negative manner. Frankly, I could care less if you don't remove spyware from a system with ClamAV. What I need is a _reputable_ scanner that works from the command line to _detect_ if a system contains spyware. Since ClamAV isn't apparently going to be that tool and Google isn't turning up a reputable command-line anti-spyware solution with sufficient options, I would appreciate a pointer to a tool that does this. All I need is to have the tool tell me: - Yes there is spyware on the system. OR - No there isn't spyware on the system. I don't need it to disinfect/remove/whatever - simply recognize that there is spyware, what file contains it, and display a notification as such on stdout. Seems to me that this is something simple that ClamAV could easily implement in a very short amount of time. For those who don't want to scan for spyware, include a command-line switch to "turn off scanning for psychological manipulators (spyware, pranks, etc.)". However, since ClamAV is uninterested in doing anything even remotely simple like this, I need someone to point out a _reputable_ tool that is better than ClamAV that does psychological manipulator scanning from the command-line - preferably open source, but since nothing is turning up on SourceForge or Google, I'll be impressed if someone finds anything. -- Thomas Hruska CubicleSoft _______________________________________________ http://lurker.clamav.net/list/clamav-users.html