[clamav-win32] Feature request: supressing changes of win32 files
Sarocet
sarocet at gmail.com
Wed May 21 12:40:24 CEST 2008
Cuchuk Sergey wrote:
> I have an idea -
>
> viruses or warms often use binaries or executables - so when we're
> protecting them from changing(or asking for comfirmation of user for
> program(for example installers can overwrite them)) we're protecting data
> from viruses
>
That would also prevent you from updating them. A query "what do you
want to do" is not safe, as
a virus can answer it itself.
I think that's a completely different protecting method than the
antivirus one. Plus i don't think there're
so much virus modifying .exe instead of copying themselves.
You'd need to do it as a driver to intercept the action. Windows already
does something similar
with Windows File Protection. You could have it protect other folders, too.
More information about the clamav-win32
mailing list