How does the McAfee scanner detect virii?  I'm assuming it has an internal
database of "suspicious combinations of instructions" that it extracted
from its list of known virii, and just checks executables/files for
instances of suspicious instruction combinations.

I can't think of a way it would work otherwise -- please enlighten me.

If this is true for DOS/Win, is it the same for Linux?  I've only used
virus scanners on Linux when it was an SMB server and had Windows clients
using it.  Does it have a database of Linux virii to scan for?

I always wondered how they detected virii and not just "fdisk" or
"regedit".  (Of course, most of Windows should raise alarms anyway)

On Mon, 20 Nov 2000, Bill Layer wrote:

> Oh my!
>  
> > > Anyone ever run McAfee on a linux/Unix box?
> 
> MacAfee - The worst antivirus for Win32, coming to a platform near you! :)
> 
> Is there any way to convince them otherwise? Why not use a modern Antivirus
> product like AVX (www.avp.com) instead of a backwards, broken piece
> of junk like Crapafee? Even Norton products would be preferable..
> 

---------------------------------------------------------------------
Timothy Houck
thouck at thouck.com
www.thouck.com
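
The byte-signature matching guessed at in the message above, as an added example that is not part of the original thread and not McAfee's actual engine. The signature names, the byte patterns and both sample buffers are constructed for illustration; `??` marks a wildcard byte.

```python
from typing import Dict, List, Optional, Tuple

Pattern = List[Optional[int]]  # None stands for a wildcard byte

# Constructed signatures: hypothetical names and bytes, not from any real product.
SIGNATURES: Dict[str, str] = {
    "Demo.A": "de ad be ef ?? ?? 13 37",
    "Demo.B": "ca fe ?? ba be",
}

def compile_sig(text: str) -> Pattern:
    """Turn 'de ad ?? 37' into [0xde, 0xad, None, 0x37]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_all(data: bytes, pat: Pattern) -> List[int]:
    """Return every offset in data where the whole pattern matches."""
    # Anchor on the first fixed byte so bytes.find can skip ahead quickly.
    anchor = next(i for i, b in enumerate(pat) if b is not None)
    needle = bytes([pat[anchor]])
    hits: List[int] = []
    pos = data.find(needle)
    while pos != -1:
        start = pos - anchor
        in_bounds = start >= 0 and start + len(pat) <= len(data)
        if in_bounds and all(b is None or data[start + i] == b
                             for i, b in enumerate(pat)):
            hits.append(start)
        pos = data.find(needle, pos + 1)
    return hits

def scan(data: bytes, sigs: Dict[str, str] = SIGNATURES) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every match, sorted by offset."""
    found = [(name, off) for name, text in sigs.items()
             for off in find_all(data, compile_sig(text))]
    return sorted(found, key=lambda hit: hit[1])

# Constructed buffers. CLEAN shares only the first four bytes of Demo.A,
# so it must not be flagged; INFECTED carries both full patterns.
CLEAN = b"\x90" * 16 + bytes.fromhex("deadbeef") + b"\x00" * 8
INFECTED = (b"MZ" + b"\x00" * 6
            + bytes.fromhex("deadbeef01021337")
            + bytes.fromhex("cafe99babe"))

if __name__ == "__main__":
    for label, buf in (("CLEAN", CLEAN), ("INFECTED", INFECTED)):
        print(label, scan(buf))
```

A hit requires the whole pattern at one offset, so a file that shares a few bytes with a signature, as `CLEAN` does, is not reported.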