On Friday, Mar 14, 2003, at 13:56 Europe/London,
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
1) As written, it doesn't contain any verification that a *current*
template
of signatures was used - I've actually gotten mail that was stamped
"this
mail certified virus-free by LlamaWare 1.2" and contained a virus
anyhow,
because it's signature database was *literally* 2.5 years out of date.
2) Either the sending system has a virus, or it doesn't. If it
doesn't,
it doesn't matter if it got scanned. If it does, I have no guarantee
that
said scanner hasn't been fooled by a rootkit.
3) Now imagine a virus that injects itself and then forges a "virus
free"
signature for itself (remember - if the virus scanner has enough info
to
generate a cert, any malware that gets loose on that machine has
enough info
to forge the same cert).
4) there's a window of opportunity between the virus coming out and the
signature being created.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg