|
Rescon
| Joined: 05 Sep 2007 |
| Posts: 0 |
|
|
|
 Posted: Thu Sep 06, 2007 1:04 pm |
|
 |
 |
|
|
Hello,
I've some suggestions for the project:
1. A virus browser, where you can see and search for all known viruses in the ClamWin virus database.
2. A quarantine window, where you can see all infected files, that were moved into it + virus type information.
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Thu Sep 06, 2007 1:43 pm |
|
|
|
|
|
To what Rescon suggested, let me add: 1)an automated script to submit a flagged file to Virustotal to check with other antivirus programs and 2)an automated script to submit a file to Clam to check for false positives when other AVs don't find anything.
Regards,
|
|
|
|
Trigon
| Joined: 04 Jul 2007 |
| Posts: 0 |
|
|
|
| Posted: Fri Sep 07, 2007 12:07 am |
|
|
|
|
|
Yeah, all infected files should be sent to Clamwin Automatically (or give the user an option to)
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Fri Sep 07, 2007 1:34 am |
|
|
|
|
|
There's no reason to send Clam a file that it has identified as infected--since it already has it in the signature database. What we need to do is check the file with VirusTotal or Jotti or another of the online multi-engine scanning services to see if other AVs also find malware in the file. If they do, we can then delete the file from our computers. If they don't, then we can send it to Clam as a false positive.
Regards,
|
|
|
|
Rescon
| Joined: 05 Sep 2007 |
| Posts: 0 |
|
|
|
| Posted: Fri Sep 07, 2007 12:07 pm |
|
|
|
|
|
| GuitarBob wrote: |
To what Rescon suggested, let me add: 1)an automated script to submit a flagged file to Virustotal to check with other antivirus programs and 2)an automated script to submit a file to Clam to check for false positives when other AVs don't find anything.
Regards, |
Great suggestions! |
|
|
