[Esa-l] Files to poison: Hybris
Graham Dunn
gdunn at inscriber.com
Wed Dec 13 12:20:08 PST 2000
I think this is a bad idea.
Who wants to be a AV vendor? This is essentially what you're asking
someone to do. If you let anyone (unless you determine what qualifies as
"informed") add to the list, well, I'm not so sure it would remain
useful (pollution of file names, intentional or otherwise).
I suppose you could set up a CVS server and only allow check-ins from
specified updaters.
I think this is going to be a moot point soon, judging from the noises
John has been making about changing the filtering/poisoning approach
lately.
----- Original Message -----
From: "Dustin Ankeny" <dustin at heritageind.com>
To: "'Michael H. Martel'" <martelm at quark.vsc.edu>; <esa-l at spconnect.com>
Sent: Wednesday, December 13, 2000 2:57 PM
Subject: RE: [Esa-l] Files to poison: Hybris
> Well I think that was the point of Miguel's post today,
>
> Not everyone wants to read alt.comp.virus all day so that the user can
have
> an up-to-the minute list. So if they want to make a cron job that
will take
> advantage of a poisoned list that lots of informed people add to...
well
> that sounds like a good idea to me. Now I know that it can get
complex in a
> hurry, but it does make sense.
>
> What better way then to update your poisoned once a day/week?
>
> Now the other side of that is that the list would have to be updated
more
> often, I update my list as soon as I see a new virus name that can be
> filtered. I don't think the master list gets updated near that often.
>
> What do you guys think?
> Dustin Ankeny
More information about the esd-l
mailing list