Arnaud Huret <[EMAIL PROTECTED]> wrote:
> As we are experimenting ClamAV, we still maintain during evaluation
> period a second (and historic) defense line with TrendMicro
> VirusWall which we plan to abandon shortly. I observed that
> VirusWall (the second line defense) reported 8 hits on (SomeFool)
> Worm.Netsky.P .Y .and .W.
>
> 'DetectBrokenExecutables' is activated. (Logfiles are below).

Sometimes one scanner will pick up broken malware when another fails; it all depends on whether the section used by a particular scanner for a signature has been corrupted or not. In my experience Clam tends to pick up a lot of damaged malware missed by the 'big gun' commercial scanners like Symantec and Kaspersky.

Clam checks the PE header etc. for obvious signs of damage; however, if the corruption lies in the actual code, 'DetectBrokenExecutables' detection will fail (this is based on my reading of pe.c).

Regards,
Simon
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
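
The distinction drawn in the reply above, shown as an added example that is not part of the original thread and is not ClamAV's pe.c logic: a simplified header-consistency check flags a truncated PE file but not one whose code bytes were overwritten, while two pattern matchers disagree depending on which bytes survived. The file layout, `SIG_A`/`SIG_B` and all function names are constructed for illustration.

```python
import struct

SIG_A = b"CONSTRUCTED-SIG-A"   # made-up byte patterns standing in for two
SIG_B = b"CONSTRUCTED-SIG-B"   # scanners' signatures; not real signatures

def build_pe(code: bytes) -> bytes:
    """Constructed minimal PE layout: DOS header, COFF header, one .text section."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)  # 1 section, no optional header
    raw_ptr = 64 + 4 + 20 + 40                                    # data follows the section table
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + sect + code

def header_damage(data: bytes) -> list:
    """Structural checks only; an empty list means the headers look consistent."""
    if len(data) < 64 or data[:2] != b"MZ":
        return ["no MZ header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return ["bad e_lfanew or PE signature"]
    (nsect,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    problems = []
    for i in range(nsect):
        off = e_lfanew + 24 + opt_size + i * 40
        if off + 40 > len(data):
            problems.append(f"section header {i} truncated")
            break
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        if raw_ptr + raw_size > len(data):
            label = name.rstrip(b"\x00").decode("ascii", "replace")
            problems.append(f"{label}: raw data runs past end of file")
    return problems

def verdict(data: bytes) -> dict:
    """What a header check and two pattern matchers each report for one file."""
    return {"broken": bool(header_damage(data)), "A": SIG_A in data, "B": SIG_B in data}

pad = b"\x90" * 64
intact = build_pe(pad + SIG_A + pad + SIG_B + pad)
truncated = intact[:-100]                        # tail lost: section overruns the file
hit = intact.index(SIG_B)
code_damaged = intact[:hit] + b"\x00" * len(SIG_B) + intact[hit + len(SIG_B):]

if __name__ == "__main__":
    for label, sample in (("intact", intact), ("truncated", truncated), ("code damaged", code_damaged)):
        print(f"{label:13}", verdict(sample))
```
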