Message-ID: <80d7e409050912090571206f53@mail.gmail.com>
Date: Mon, 12 Sep 2005 10:05:10 -0600
From: "Stephen J. Smoogen" <smooge@gmail.com>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [Clamav-users] Spyware detection...
In-Reply-To: <43250096.7040909@cubiclesoft.com>

On 9/11/05, Thomas Hruska <thruska@cubiclesoft.com> wrote:

> Thank you but I already know the tool doesn't exist or I wouldn't be
> wandering around this forum.  Since the tool doesn't exist, I found the
> _closest_ possible tool to the tool I am looking for and ClamAV happens
> to be that tool.  You should be proud that your tool is just shy of
> being able to do something system administrators around the world want
> to be able to do.  Imagine the joy a sysadmin could experience by being
> able to remotely scan a thousand plus machines on the LAN, and, in a
> matter of 30 minutes, know which ones have spyware or have a virus
> installed all from one tool.  Now I know this isn't what ClamAV was
> designed for, but that's the sort of thing you have to expect from
> software and users - the unexpected but creative uses for a product.
> Given that it should only take a week or two to gather signatures from
> the various spyware vendor binaries, I don't see why you all are so
> adamant about not adding rudimentary detection.  To me, spyware is a
> virus.  The only difference is that it wreaks havoc on the human psyche
> instead of wreaking havoc on binary data.
>

I am currently looking at doing the same thing. I have a set of boxes
that I am planning to 'infect' with spyware and then start making
signatures for them. It is a rather slow process at the moment.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

