I may be not 100% correct on this one, but the current (as of 0.75) database format is too limited for this, as it only supports basic "jokers" (1 char or any number of chars), but here you need to match at least the JPEG header itself _at the beginning of the file_.On Tue, 28 Sep 2004, Tomasz Kojm wrote:
On Mon, 27 Sep 2004 23:06:40 -0400 Matthew Daubenspeck <[EMAIL PROTECTED]> wrote:
Will there be an updated signature for the new jpeg "virus" for the 0.75 series of ClamAV?
No, there will not - only 0.8x can detect JPEG exploits.
Uhh, I understand that only 0.8x can detect them heuristically (by looking for FFFE 000[01] in a .jpg, but there *should* be signatures for known exploits. Or is the currently-known .jpg worm polymorphic?
Damian Menscher
Look into the archives for postings from trog on this subject, I remember he had similar (and maybe technically more correct) answers.
Thomas
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
