Building a virus test library?
John Chambers
jc at trillian.mit.edu
Wed Sep 15 20:45:33 EDT 1999

This has come up at work, and it occurs to me that the linux gang
might have some good suggestions.

The idea is, you've got a product that includes a bunch of tools to
check for viruses and other such baddies, and you'd like to give
evidence that it works, and isn't just a way of conning money out of
worried customers. What you obviously need is a library of known
viruses, preferably one or two of each major type. You turn on the
checking software, and then run some (expect) scripts that attempt to
download them. You've run them all through sum(1) beforehand,
perhaps, so that you can verify that they didn't download correctly.

Sounds like it should be easy; you just go out to the Net and ask a
few search engines for sites with lots of virus info. You do that, go
check them out, and discover that, while lots of people have
collected information (good or bad) about the little beasties, nobody
seems to have the actual code sitting there. When you inquire, it
quickly becomes obvious that they think you're a budding hacker
intent on getting some good samples as the starting point of more
little monsters. After a few weeks of looking, you have managed to
get your hands on one or two, but nothing that would impress even the
most clueless customer.

Any good suggestions? It seems like linux would be a pretty good sort
of system for providing such a library. Has anyone done it? Is there
some industry-standard way of building such a useful test library?

Myself, I don't think I'd trust a salesman who tried to sell me any
sort of anti-virus software without a few good samples to demo the
product's effectiveness. Though, come to think of it, I probably
wouldn't want to get the viruses from the same source. An independent
repository would be much more believable.
-
Subscription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
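
The check described in the message (run the samples through sum(1) beforehand, attempt the downloads with the checker on, then confirm nothing arrived intact) could look like the following. This is an added example, not part of the original post; the function names are hypothetical, the "samples" are harmless constructed text files, and the download attempts are simulated with local copies.

```shell
#!/bin/sh
# Added example. The "samples" are harmless constructed text files standing in
# for a test library; the download attempts are simulated with local copies.

# record_sums LIBDIR MANIFEST: run every sample through sum(1) beforehand.
record_sums() {
    : > "$2"
    for f in "$1"/*; do
        printf '%s %s\n' "$(basename "$f")" "$(sum < "$f" | tr -s ' ' ':')" >> "$2"
    done
}

# check_blocked MANIFEST RECVDIR: after the download attempts, a sample counts
# as blocked if it never arrived or its checksum no longer matches the manifest.
# Prints one line per sample and returns the number that arrived intact.
check_blocked() {
    leaked=0
    while read -r name want; do
        if [ ! -f "$2/$name" ]; then
            echo "BLOCKED  $name (not delivered)"
        elif [ "$(sum < "$2/$name" | tr -s ' ' ':')" != "$want" ]; then
            echo "BLOCKED  $name (altered in transit)"
        else
            echo "LEAKED   $name (arrived intact)"
            leaked=$((leaked + 1))
        fi
    done < "$1"
    return "$leaked"
}

# demo: three constructed samples with three simulated outcomes.
demo() {
    work=$(mktemp -d) || return 2
    mkdir "$work/library" "$work/received"
    for s in a b c; do
        printf 'constructed sample %s\n' "$s" > "$work/library/sample_$s"
    done
    record_sums "$work/library" "$work/manifest"
    # sample_a: dropped entirely; sample_b: truncated to an empty file;
    # sample_c: passed through unchanged (the failure the test must catch).
    : > "$work/received/sample_b"
    cp "$work/library/sample_c" "$work/received/sample_c"
    rc=0
    check_blocked "$work/manifest" "$work/received" || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo || echo "$? sample(s) arrived intact"
```

A non-zero exit status from `check_blocked` means at least one sample got past the checker unmodified.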