Ted,
Sorry, but doesn't "AV status" above refer to the existing, proprietary anti-virus
systems? How does standardizing an attribute for carrying that help
create a standardized understanding of what it means? Don't I still
have to treat that as, essentially, a vendor attribute, since I have
to know which vendor statuses cover which vulnerabilities?
Or do you mean "there is some anti-virus software here"?
I would think that five or six values are appropriate:
1. Vendor name (string)
2. Vendor engine version (integer)
3. Vendor virus definitions version (integer)
4. Enabled? (binary)
5. Buggered? (binary)
6. Other gobbledygook the vendor wants to include that might get standardized later. (blob)
I could envision 3 being a bit of an issue if it is possible to update
specific viruses but not others.
I would expect the normal enterprise administrator to be able to act on
the first 5. The 6th is there as a placeholder. I'm not sure I'd trust
5 if it's false. I'd also suggest we're well into solving the problem
at this point.
Eliot