On Mon, 15 Mar 2004 20:02:49 +0000 (GMT) Andy Fiddaman <[EMAIL PROTECTED]> wrote:
> > > On Mon, 15 Mar 2004, Martin A. Brooks wrote: > ; Part of the text file is a boilerplate set of instructions on how > to make; an EICAR test file. Clam detects this signature and marks > the file as; being infected. NAI and Norton AV do not. > ; > ; I'm undecided as to which action is correct and would therefore > appreciate; other opinions. > > Clam's behaviour is incorrect because the Eicar test file page > (http://www.eicar.org/anti_virus_test_file.htm) states: > "Any anti-virus product that supports the test file should detect it > in any file providing that the file starts with the following 68 > characters, and is exactly 68 bytes long:" > > I don't know whether the limitation is in Clam's current database > format or in the current signature. Hopefully that will be fixed in 0.80. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Mar 16 00:00:56 CET 2004
pgp00000.pgp
Description: PGP signature
