From owner-freebsd-chat@FreeBSD.ORG Thu Jun 12 13:19:52 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CD1137B401 for ; Thu, 12 Jun 2003 13:19:52 -0700 (PDT) Received: from haggis.it.ca (haggis.it.ca [216.126.86.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 826BD43F3F for ; Thu, 12 Jun 2003 13:19:51 -0700 (PDT) (envelope-from paul@haggis.it.ca) Received: from haggis.it.ca (paul@localhost [127.0.0.1]) by haggis.it.ca (8.12.9/8.12.9) with ESMTP id h5CKJLVD092593 for ; Thu, 12 Jun 2003 16:19:21 -0400 (EDT) (envelope-from paul@haggis.it.ca) Received: (from paul@localhost) by haggis.it.ca (8.12.9/8.12.6/Submit) id h5CKJKTQ092591 for chat@freebsd.org; Thu, 12 Jun 2003 16:19:20 -0400 (EDT) (envelope-from paul) Date: Thu, 12 Jun 2003 16:19:20 -0400 From: Paul Chvostek To: chat@freebsd.org Message-ID: <20030612201920.GA87120@mail.it.ca> References: <5.2.1.1.2.20030612202321.02e28008@194.184.65.4> <3EE8C7FB.7040701@potentialtech.com> <20030612193524.GA31199@grumpy.dyndns.org> <3EE8DB83.4040609@potentialtech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3EE8DB83.4040609@potentialtech.com> User-Agent: Mutt/1.4.1i Subject: Re: Antivirus for (mailservers on) FreeBSD X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: chat@freebsd.org List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jun 2003 20:19:52 -0000 On Thu, Jun 12, 2003 at 03:58:59PM -0400, Bill Moran wrote: > > p.s. I abhor the term "virus" as I haven't seen one in years. The horrible > technical elegance of a true virus doesn't exist in the abilities of modern > malware developers. Worms and trojans are the best they can do. And worms > are often too difficult. That's not entirely true. A virus spreads itself by infecting through a medium. The classic "Stoned" virus prepended itself to executables and once run, sat in memory waiting for filesystem calls to tell it where to find new executables or floppy MBRs to infect. The modern worm does pretty much the same thing, only its medium of infection is the email system rather than a filesystem. A virus is an infection of the software. A worm is a category of virus which ALSO infects the wetware. (And MLM schemes are purely a wetware infection.) Is an email worm that has additional functionality to spread itself over SMB network shares to writable executables still merely a worm? Would you catagorize it as one, or the other, or both? It's just symantecs. Er, semantics. ;) -- Paul Chvostek Operations / Abuse / Whatever it.canada, hosting and development http://www.it.ca/