From clamav-win32-bounces@lists.clamav.net Sat May 17 10:31:09 2008 Return-Path: X-Original-To: list@tad.clamav.net Delivered-To: list@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nsDpg8Nga+AI; Sat, 17 May 2008 10:31:08 +0200 (CEST) Received: from tad.clamav.net (localhost.localdomain [127.0.0.1]) by tad.clamav.net (Postfix) with ESMTP id C646B16C036; Sat, 17 May 2008 10:31:08 +0200 (CEST) X-Original-To: clamav-win32@tad.clamav.net Delivered-To: clamav-win32@tad.clamav.net X-Virus-Scanned: Debian amavisd-new at tad.clamav.net Received: from tad.clamav.net ([127.0.0.1]) by localhost (tad.clamav.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 34uqvE0us83y for ; Sat, 17 May 2008 10:31:04 +0200 (CEST) X-Greylist: delayed 1819 seconds by postgrey-1.27 at tad; Sat, 17 May 2008 10:31:04 CEST Received: from smtp12.hushmail.com (smtp12.hushmail.com [65.39.178.135]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by tad.clamav.net (Postfix) with ESMTP id 6C78716C011 for ; Sat, 17 May 2008 10:31:04 +0200 (CEST) Received: from smtp12.hushmail.com (localhost.localdomain [127.0.0.1]) by smtp12.hushmail.com (Postfix) with SMTP id 14DF170073 for ; Sat, 17 May 2008 08:00:42 +0000 (UTC) Received: from mailserver10.hushmail.com (mailserver10.hushmail.com [65.39.178.57]) by smtp12.hushmail.com (Postfix) with ESMTP for ; Sat, 17 May 2008 08:00:42 +0000 (UTC) Received: by mailserver10.hushmail.com (Postfix, from userid 99) id 6D9A5D0326; Sat, 17 May 2008 08:00:42 +0000 (UTC) MIME-Version: 1.0 Date: Sat, 17 May 2008 04:00:42 -0400 To: clamav-win32@lists.clamav.net From: auto67209@hushmail.com Message-Id: <20080517080042.6D9A5D0326@mailserver10.hushmail.com> Subject: [clamav-win32] Rogue Antispyware Using ClamAV Database X-BeenThere: clamav-win32@lists.clamav.net X-Mailman-Version: 2.1.9 Precedence: list Reply-To: clamav-win32@lists.clamav.net List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: clamav-win32-bounces@lists.clamav.net Errors-To: clamav-win32-bounces@lists.clamav.net Just in case you weren't already aware, "WinReanimator" downloads a copy of the ClamAV database, leaving a ClamAV folder inside %profile%\Local Settings\Temp, and a copy of daily.cvd in C:\Program Files\WinReanimator\data. While the License Agreement does state that some components may be GPL'ed, and that those components are subject to the less restrictive terms of that license, there are a handful of potential problems with that as far as I can see. Let's start with the obvious; what we know about these rogue programs... sometimes the License Agreement (including copyright and modification dates if applicable) aren't shown when the software is forcibly installed, and there's no way to get to that information from the user interface. While the GPL license agreement isn't necessarily important for running the program, should there be GPL components, which the license agreement for WinReanimator says is possible, it's the copyright and modification information that is important. Next, I'll assume that the CVD file itself is the preferred method of viewing and/or editing the database, and, for benefit of the doubt, the database is kindly downloaded from ClamAV's servers as opposed to being packaged with WinReanimator and/or first mirrored to and thereafter downloaded from WinReanimator's servers; even so, there must be some amount of source code used by ClamAV and/or ClamWin to actually read the database and act upon it. Now, yes, rogue programs tend to generate fake results, but I'm forced to wonder what WinReanimator might be doing with the ClamAV database... I, the average user, unfortunately can't know, because the promised source code that is supposed to reside within a designated folder in the program files directory (as stated in the license agreement) isn't there, and, unless the database was put there by WinReanimator to waste disk space, I can assume it does something with it. Finally, the GPL states that the entire package must be licensed GPL, and not just individual components; only the LGPL allows that. Even if WinReanimator contains no GPL'ed code, it seems as if the section of the license relating to the GPL is invalid. If WinReanimator does happen to contain GPL'ed code of any kind, perhaps, for example, some amount of code used to read and act upon the database, I'd assume they would have a difficult time arguing that an anti-malware program isn't an extension of an anti-malware database along with the code used to read and act upon an anti- malware database, and one could try and argue that their license isn't enforceable given the GPL components and that the entire WinReanimator program should therefore be GPL'ed. Now, for my disclaimer. I've made mistakes before, and everything I've said above could be complete rubbish and a complete misinterpretation of the GPL. The above is my opinion, but I believe it to be fairly accurate. Any thoughts? -- Flexible Medical Administration programs. Click to start advancing your career. http://tagline.hushmail.com/fc/Ioyw6h4fOHYjyC83J9w04HA7p1HEMmnonfsyptJMqGb77PuMfFQlvU/ _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32