
tadams-lists at myrealbox
Jul 30, 2003, 7:09 AM
clamav and a virus database
Below is the output of clamav scanning files that are ALL viruses according to Trend-Micro PC-Cillin. As you can see, we aren't too bad, other than the fact we are misidentifying some viruses (but they are being caught). I would say that the 2000 unidentified viruses are largely repeats, so call it 500-700 being missed. There are several Trojans/viruses/etc. that PC-Cillin doesn't catch that clamav misses as well. This would up the number to around 1000 I think.

-- SCAN SUMMARY --
Known viruses: 8880
Scanned directories: 1
Scanned files: 10346
Infected files: 8971
Data scanned: 64.60 Mb
I/O buffer size: 131072 bytes
Time: 291.069 sec (4 m 51 s)

I have spent the last few days building a virus collection to test clamav with. Does anyone know of, or can anyone create, a Perl script (sorry, student here, and I don't know Perl well) that wraps one of the major Windows anti-virus scanners (say McAfee or another good one) so that when it finds a virus file, the virus scanner does nothing, and the Perl script renames the file to the FULL virus name that McAfee uses in their databases and moves it to a specifiable directory? If there is more than one file that contains the virus, it should use ~# as in ~1, ~2, ~3, etc. extensions.

I am not sure if this is legal or not, but if it is, it would sure help put together a virus collection to find what viruses clamav doesn't know about, and to keep them around to test clamav for regressions.

I am willing to keep this database and would even be interested in getting files from people that another virus scanner catches but clamav doesn't. Files should be named the virus name WITH NO extensions beyond those caused by periods in the virus name. If you want to be real nice, zip them up with a simple password and include the password ('virus' is probably best).

Trever Adams
--
A traveler on the information superhighway who often stops and looks around...
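The filing scheme requested in the post above, sketched in Python as an added example; it is not part of the original post and not ClamAV project code. It assumes the scanner's report has already been reduced to lines of the form `path: DetectionName FOUND`, that the first file for a name keeps the bare name while later ones get ~1, ~2, and so on; the function names and the detection name `Example.Worm.A` are constructed for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumed report format (one detection per line): "<path>: <name> FOUND"
REPORT_LINE = re.compile(r"^(?P<path>.+): (?P<name>\S.*?) FOUND$")

def parse_report(text):
    """Yield (Path, detection_name) for every FOUND line; other lines are skipped."""
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if m:
            yield Path(m["path"]), m["name"]

def safe_name(name):
    """Turn a detection name into a file name: periods stay, separators do not."""
    cleaned = re.sub(r"[^A-Za-z0-9._+#-]", "_", name).lstrip(".")
    return cleaned or "unnamed"

def file_samples(report_text, dest_dir):
    """Move each detected file to dest_dir/<name>, adding ~1, ~2, ... on clashes.

    Returns {original path: new file name}. Files are moved, never opened or run.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    moved = {}
    for src, name in parse_report(report_text):
        if not src.is_file():          # already moved, or listed twice
            continue
        base = safe_name(name)
        target, n = dest / base, 0
        while target.exists():         # first copy keeps the bare name
            n += 1
            target = dest / f"{base}~{n}"
        shutil.move(str(src), str(target))
        moved[str(src)] = target.name
    return moved

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:   # constructed, harmless files
        a, b = Path(tmp, "a.exe"), Path(tmp, "b.scr")
        a.write_bytes(b"constructed")
        b.write_bytes(b"constructed")
        report = f"{a}: Example.Worm.A FOUND\n{b}: Example.Worm.A FOUND\n"
        print(file_samples(report, Path(tmp, "sorted")))
```

Because the detection name comes from scanner output, `safe_name` strips path separators and leading dots so a name can never place a file outside the collection directory.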