Thomas Sprinkmeier a écrit :
Is deleting it enough?
My advice is to nuke infected systems. Even benign programs rarely
uninstall cleanly; malware is nasty and designed not to go quietly.
To nuke you mean just reformatting the space and to a re-install ?
"oversized" archives are also known as compression bombs. You take a
file with a few gazzilion NULL's (easy to do on a filesystem with sparse
file support) and compress it.
The victim tries to unzip it to check for viruses and nukes their free
disk space.
I don't know which exactly how clamAV check for these, but sometimes
inncent files are tagged (files that really do have fantastic
compression ratios).
Unzip the file (preferably to a safe partition) and scan the resultant
files.
I naively did this unzipping already when I wanted to upgrade the YEPP
studio...
The sum of the folders + files sizes looks about the same as the size
of the zip archive. Could it be a false positive ?
Thank you again
Pascal
___________________________________________________________________________
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son interface révolutionnaire.
http://fr.mail.yahoo.com
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
