On 9/11/05, Thomas Hruska <
thruska@cubiclesoft.com> wrote:
> Thank you but I already know the tool doesn't exist or I wouldn't be
> wandering around this forum. Since the tool doesn't exist, I found the
> _closest_ possible tool to the tool I am looking for and ClamAV happens
> to be that tool. You should be proud that your tool is just shy of
> being able to do something system administrators around the world want
> to be able to do. Imagine the joy a sysadmin could experience by being
> able to remotely scan a thousand plus machines on the LAN, and, in a
> matter of 30 minutes, know which ones have spyware or have a virus
> installed all from one tool. Now I know this isn't what ClamAV was
> designed for, but that's the sort of thing you have to expect from
> software and users - the unexpected but creative uses for a product.
> Given that it should only take a week or two to gather signatures from
> the various spyware vendor binaries, I don't see why you all are so
> adamant about not adding rudimentary detection. To me, spyware is a
> virus. The only difference is that it wreaks havoc on the human psyche
> instead of wreaking havoc on binary data.
>
I am currently looking at doing the same thing. I have a set of boxes
that I am planning to 'infect' with spyware and then start making
signatures for them. It is a rather slow process at the moment..
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
(text/plain)