Date: Thu, 12 Jun 2003 16:19:20 -0400 From: Paul Chvostek <paul+fbsd@it.ca> To: chat@freebsd.org Subject: Re: Antivirus for (mailservers on) FreeBSD Message-ID: <20030612201920.GA87120@mail.it.ca> In-Reply-To: <3EE8DB83.4040609@potentialtech.com> References: <5.2.1.1.2.20030612202321.02e28008@194.184.65.4> <3EE8C7FB.7040701@potentialtech.com> <20030612193524.GA31199@grumpy.dyndns.org> <3EE8DB83.4040609@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 12, 2003 at 03:58:59PM -0400, Bill Moran wrote: > > p.s. I abhor the term "virus" as I haven't seen one in years. The horrible > technical elegance of a true virus doesn't exist in the abilities of modern > malware developers. Worms and trojans are the best they can do. And worms > are often too difficult. That's not entirely true. A virus spreads itself by infecting through a medium. The classic "Stoned" virus prepended itself to executables and once run, sat in memory waiting for filesystem calls to tell it where to find new executables or floppy MBRs to infect. The modern worm does pretty much the same thing, only its medium of infection is the email system rather than a filesystem. A virus is an infection of the software. A worm is a category of virus which ALSO infects the wetware. (And MLM schemes are purely a wetware infection.) Is an email worm that has additional functionality to spread itself over SMB network shares to writable executables still merely a worm? Would you catagorize it as one, or the other, or both? It's just symantecs. Er, semantics. ;) -- Paul Chvostek <paul@it.ca> Operations / Abuse / Whatever it.canada, hosting and development http://www.it.ca/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030612201920.GA87120>