Tomasz Kojm wrote: > On Mon, 24 May 2010 22:22:46 +0200 Sarocet wrote: > >> Create two files with a colliding md5. One is innocuous, the other is >> infected. >> Send the clean one first. clamav will note it is clean and cache the md5. >> > The cache also checks file sizes > > >> Send the malicious one after a while. The hash in on the cache so it >> bypasses the AV. >> Profit. >> > Good luck, >
I don't need to be specially lucky. It's just one google search away. http://www.mscs.dal.ca/~selinger/md5collision/ Download these to files: http://www.mscs.dal.ca/~selinger/md5collision/hello.exe http://www.mscs.dal.ca/~selinger/md5collision/erase.exe Both files have the same filesize (6144) and md5 cdc47d670159eef60916ca03a9d4a007 The first one salutes the world. The second one erases the drive (or so it says :) Md5 is broken, guys. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
