[clamav-win32] Rogue Antispyware Using ClamAV Database
auto67209 at hushmail.com
auto67209 at hushmail.com
Sat May 17 10:00:42 CEST 2008
Just in case you weren't already aware, "WinReanimator" downloads a
copy of the ClamAV database, leaving a ClamAV folder inside
%profile%\Local Settings\Temp, and a copy of daily.cvd in
While the License Agreement does state that some components may be
GPL'ed, and that those components are subject to the less
restrictive terms of that license, there are a handful of potential
problems with that as far as I can see.
Let's start with the obvious; what we know about these rogue
programs... sometimes the License Agreement (including copyright
and modification dates if applicable) aren't shown when the
software is forcibly installed, and there's no way to get to that
information from the user interface. While the GPL license
agreement isn't necessarily important for running the program,
should there be GPL components, which the license agreement for
WinReanimator says is possible, it's the copyright and modification
information that is important.
Next, I'll assume that the CVD file itself is the preferred method
of viewing and/or editing the database, and, for benefit of the
doubt, the database is kindly downloaded from ClamAV's servers as
opposed to being packaged with WinReanimator and/or first mirrored
to and thereafter downloaded from WinReanimator's servers; even so,
there must be some amount of source code used by ClamAV and/or
ClamWin to actually read the database and act upon it. Now, yes,
rogue programs tend to generate fake results, but I'm forced to
wonder what WinReanimator might be doing with the ClamAV
database... I, the average user, unfortunately can't know, because
the promised source code that is supposed to reside within a
designated folder in the program files directory (as stated in the
license agreement) isn't there, and, unless the database was put
there by WinReanimator to waste disk space, I can assume it does
something with it.
Finally, the GPL states that the entire package must be licensed
GPL, and not just individual components; only the LGPL allows that.
Even if WinReanimator contains no GPL'ed code, it seems as if the
section of the license relating to the GPL is invalid. If
WinReanimator does happen to contain GPL'ed code of any kind,
perhaps, for example, some amount of code used to read and act upon
the database, I'd assume they would have a difficult time arguing
that an anti-malware program isn't an extension of an anti-malware
database along with the code used to read and act upon an anti-
malware database, and one could try and argue that their license
isn't enforceable given the GPL components and that the entire
WinReanimator program should therefore be GPL'ed.
Now, for my disclaimer. I've made mistakes before, and everything
I've said above could be complete rubbish and a complete
misinterpretation of the GPL. The above is my opinion, but I
believe it to be fairly accurate.
Flexible Medical Administration programs. Click to start advancing your career.
More information about the clamav-win32