Hi List, On Fri, Sep 17, 2004 at 03:31:25PM +0200, Daniel Lord wrote: > those two are valid and (IMHO) catch the xploit in JFIF and EXIF but may also > produce false positives. Just test them.
Those signatures don't catch the poc xploit found at http://www.gulftech.org/?node=downloads. But maybe it's better to leave this alone till there are real worms etc. to produce good signatures. At the moment clamav sigs don't seem good enought to catch this. (No support for absolute offsets) Greetings Daniel -- Alle Pilze sind eßbar. Manche sogar mehrmals. ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
