On Mon, 2004-10-18 at 15:40, Brian Morrison wrote:
> On Mon, 18 Oct 2004 11:22:01 +0200 in
> [EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]>
> wrote:
> 
> >  > > For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> >  > > exploits with the following signature (add it to a local.ndb file
> >  > > in your database directory):
> >  > > 
> >  > > Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff
> >  > > 
> >  > > Warning: do NOT use this if you're running 0.80rc[123], since it
> >  > > WILL cause false positives.  Also, do NOT change the name.  The
> >  > > ClamAV code
> >  > 
> >  > Please do not use it. It seems the JPEG exploit verificator is
> >  > still not perfect and may not eliminate all false positive matches.
> > 
> >  False alert. It appeared some Japanese camera software creates broken
> >  pictures.
> 
> So that signature *is* safe to use? Or have I read your comment wrongly?

It should be safe to use with 0.80, but on the other hand, it'll match
*every* JPEG file and process them through the false positive
elimination code, which will impact performance (very slightly).

-trog
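Added example, not part of the original thread and not ClamAV's own code: a simplified reading of the `.ndb` line quoted above (`Name:TargetType:Offset:HexSignature`, where target type 5 is graphics files), showing why a three-byte pattern at offset 0 hits every JPEG. The parser handles only plain hex and an absolute or `*` offset, and the sample headers are constructed.

```python
from typing import Dict, NamedTuple, Optional


class NdbSig(NamedTuple):
    name: str
    target_type: int
    offset: Optional[int]  # None stands for "*" (any offset)
    pattern: bytes


def parse_ndb(line: str) -> NdbSig:
    """Parse Name:TargetType:Offset:HexSignature (simplified subset)."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    off = None if offset == "*" else int(offset)
    return NdbSig(name, int(target), off, bytes.fromhex(hexsig))


def matches(sig: NdbSig, data: bytes) -> bool:
    """Return True if the byte pattern occurs at the signature's offset."""
    if sig.offset is None:
        return sig.pattern in data
    return data[sig.offset:sig.offset + len(sig.pattern)] == sig.pattern


# The signature exactly as quoted in the thread.
SIG = parse_ndb("Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff")

# Constructed file headers: SOI (ffd8) is always followed by a marker byte ff.
SAMPLES: Dict[str, bytes] = {
    "jfif.jpg": bytes.fromhex("ffd8ffe000104a46494600010100"),
    "exif.jpg": bytes.fromhex("ffd8ffe1001845786966000049492a00"),
    "comment.jpg": bytes.fromhex("ffd8fffe0004") + b"hi",
    "image.png": bytes.fromhex("89504e470d0a1a0a0000000d49484452"),
    "image.gif": b"GIF89a" + bytes(8),
}


def scan(samples: Dict[str, bytes]) -> Dict[str, bool]:
    """Map each sample name to whether the signature's bytes match it."""
    return {name: matches(SIG, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hit in scan(SAMPLES).items():
        # A hit here only means the file would go on to the verification step.
        print(f"{name:12} {'pattern hit' if hit else 'no hit'}")
```

Every benign JPEG header above is a pattern hit, which is the per-file cost described in the reply: each one is passed to the false positive elimination code before a verdict is reached.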

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
