Message-ID: <4324F0DA.2020009@cubiclesoft.com>
Date: Sun, 11 Sep 2005 23:07:06 -0400
From: Thomas Hruska <thruska@cubiclesoft.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [Clamav-users] Spyware detection...

Dale Walsh wrote:
> What you're asking for sounds simple; however, how do you establish
> detection??

Can't you use the existing signature scanning technology in ClamAV to 
identify known spyware vendors?  Spyware vendors distribute either 
embedded libraries or have specific DLLs or EXEs - something is probably 
similar for each vendor to draw signatures from their toolkits.  In 
fact, Lavasoft Adaware switched, a couple versions ago, to a signature 
database...very similar to how AV products work.

I'm not asking to be able to determine if a custom spyware solution is 
spyware.  Just cover the major spyware vendors with signatures and that 
will catch about 80 to 90 percent of the most popular spyware-enabled 
applications out there, which is "good enough" for my purposes.

--
Thomas Hruska


