?

Log in

No account? Create an account

fanf

Virus names

« previous entry | next entry »
6th Feb 2006 | 14:02

Virus naming is generally a matter of consensus between the AV vendors, but occasionally that breaks down. A good example is "blackworm" aka "blackmal" aka "blueworm" aka "mywife" aka "nyxem". Our email AV system keys off the virus name to decide whether to delete a message or mangle it. (Sadly our current system can't reject messages at SMTP time.) This depends on us getting a reasonably unique name from the virus scanners, so that we treat messages appropriately. Sadly at the moment there's something nasty going around which McAfee is calling "the Generic Malware.a!zip trojan" and ClamAV is calling "Worm.VB-9". Can I have a proper name please so I can delete it and stop irritating people with mangled junk?

| Leave a comment | Share

Comments {2}

Matthew

from: emperor
date: 6th Feb 2006 14:12 (UTC)

Alphabetiworm? :)

Reply | Thread

Just a random swede

from: vatine
date: 6th Feb 2006 14:25 (UTC)

You could ask that your AV vendor includes the CME identifier. If it's bounces from other systems to your users, you are in a slightly worse position (though having the CME identifier in would probably help, nonetheless).

Reply | Thread