RE: strange windows behaviour.

From: Harley David (david.harleynhsia.nhs.uk)
Date: Fri Oct 10 2003 - 03:18:56 CDT


Interesting paper, which I hadn't come across before.
Two points:
* AV vendors do actually analyse malicious code, they
  don't just extract a signature. If a vendor acquired
  a sample that showed the kind of behaviour you describe,
  they would hopefully feel obliged to take it into account
  in their detection and disinfection routines. And I think
  you'll find that even vendors that don't scan streams at
  present will have spent enough time on the issue to be able
  to when and if they need to.
* AV is not (primarily) signature based, and hasn't been for
  many years. Slim code content is not enough to evade
  virus-specific detection.

--
David Harley
Threat Assessment Centre Manager
Anti-Virus/Email Abuse Specialist
NHS Information Authority
