Hi

I read this today that now its possible to detect and handle this:

https://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

will this be part of winclam and... well, since I understand that the "big day" is tomorrow - is it at all likely that clamwin will be able to do it by then?

Thanks.

To my knowledge, Clam is not involved in the AV group that was looking into capturing the domain names that Conficker uses (and will use). Clam also doesn't have a dedicated Conficker tool to repair/vaccinate for Conficker. These anit-Conficker measures were/are developed by the larger AV companies with more resources. Clam (and ClamWin by default) concentrates upon getting signatures from samples sent in by users, and it does a pretty good job at that. Clam also doesn'do any registry scanning--unless a registry entry is included in a signature. That's interesting about the Conficker vaccine--I wasn't aware of it. Thanks.

The majority of Clam users are still email services, and the signatures reflect that. That's why I would like to see more ClamWin usiers submitting undetected samples to Clam--that would (probably) reflect a greater variety of samples and perhaps improve detection rates a bit.

Conficker is more sophisticated than other viruses, but if you keep up with Microsoft's patches, update ClamWin often, and run a real-time scanner, firewall, and anti-spyware alongside ClamWin, you shouldn't have to spend any time worrying especially about it.

Regards,