Damian Menscher wrote:On Tue, 28 Sep 2004, Tomasz Kojm wrote:I may be not 100% correct on this one, but the current (as of 0.75) database format is too limited for this, as it only supports basic "jokers" (1 char or any number of chars), but here you need to match at least the JPEG header itself _at the beginning of the file_.On Mon, 27 Sep 2004 23:06:40 -0400 Matthew Daubenspeck <[EMAIL PROTECTED]> wrote:
Will there be an updated signature for the new jpeg "virus" for the 0.75 series of ClamAV?
No, there will not - only 0.8x can detect JPEG exploits.
Uhh, I understand that only 0.8x can detect them heuristically (by looking for FFFE 000[01] in a .jpg, but there *should* be signatures for known exploits. Or is the currently-known .jpg worm polymorphic?
Yes, that is correct. However, that just means that 0.7x can't detect this heuristically. It does NOT mean that they can't look for a specific virus exploiting the generic flaw.
Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=-
------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
