Hello,

Could someone please explain the exact flow of how each type of signature file 
is used when scanning a file?  I'm guessing that when a file is scanned, it is 
first checked against the Md5 signatures within the HDB files.  If that passes, 
it is then checked against the Md5's of the FP files to see if it needs to be 
ignored.  After that, the scan proceeds to check the file with the other 
remaining signature types.  Is this flow correct?

The reason I ask is that we have recently seen some critical Windows files be 
detected by HDB signatures, and adding that file's Md5 to an FP file does 
not prevent the file from being detected.  We can of course resolve the issue 
by removing the offending HDB signatures, but wanted to know the exact flow of 
a scan and ensure that was the reason FP's did not work versus HDB's.  Thank 
you,

 - Matt Forbis

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
