Tomasz Kojm wrote: > These are poor examples, which are almost identical (only 6 bytes > differ). Now, take a notepad.exe and create a malicious file with the > same file size and MD5. > > Thanks, >
Read again the scenario. Both files are created by the attacker. When the AV marks as clean the first one, the second can then go unnoticed durint a window frame, even if the AV would otherwise detect it. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
