Török Edwin wrote:
> A simpler form of this is already implemented in 0.96 :)
>
> If a file is determined to be clean, its MD5 is added to an in-memory cache.
> When scanning a new file, its MD5 is computed and looked up in the
> cache. If found, it is considered clean.
> On DB reload the entire cache is cleared.
>
> Best regards,
> --Edwin
>

Create two files with a colliding MD5. One is innocuous, the other is infected. Send the clean one first. ClamAV will note it is clean and cache the MD5. Send the malicious one after a while. The hash is in the cache so it bypasses the AV. Profit.
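
The cache behaviour discussed in this thread, as an added example that is not part of either message and is not ClamAV's code: a toy model in which `toy_digest` (a byte sum, deliberately weak) stands in for a hash with practical collisions, `stub_engine` is a hypothetical scanner, and both sample inputs are constructed. It compares the verdicts a clean-file cache returns when keyed on the weak digest and when keyed on SHA-256, before and after a DB reload.

```python
import hashlib

def toy_digest(data: bytes) -> str:
    """Deliberately weak stand-in for a hash with practical collisions."""
    return format(sum(data) % 65536, "04x")

def sha256_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def stub_engine(data: bytes) -> bool:
    """Hypothetical signature engine: True means clean."""
    return b"BAD" not in data

class CleanCache:
    """In-memory cache of digests of files already judged clean."""
    def __init__(self, digest):
        self.digest = digest
        self.clean = set()
        self.engine_runs = 0

    def scan(self, data: bytes) -> bool:
        key = self.digest(data)
        if key in self.clean:
            return True              # cache hit: the engine never sees the data
        self.engine_runs += 1
        ok = stub_engine(data)
        if ok:
            self.clean.add(key)      # only clean verdicts are cached
        return ok

    def reload_db(self):
        self.clean.clear()           # a DB reload clears the entire cache

# Constructed samples: same bytes in a different order, so toy_digest collides.
CLEAN = b"sample ABD"
FLAGGED = b"sample BAD"

def verdicts(digest):
    """Scan CLEAN, then FLAGGED, then FLAGGED again after a DB reload."""
    cache = CleanCache(digest)
    first = cache.scan(CLEAN)
    second = cache.scan(FLAGGED)
    cache.reload_db()
    after_reload = cache.scan(FLAGGED)
    return first, second, after_reload, cache.engine_runs

if __name__ == "__main__":
    print("weak digest:", verdicts(toy_digest))
    print("sha256     :", verdicts(sha256_digest))
```

With the weak digest the second scan is answered from the cache and stays wrong until the reload; with SHA-256 the second input misses the cache and reaches the engine.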