Tomasz Kojm wrote: > This scenario makes no much sense to me. First of all, as I wrote in the > previous email the files you provided as example are almost identical > (they only differ in high nibbles of six bytes) and they share the same > "payload", this means that both of them should be detected by the AV as > malicious (in this case even using a single MD5 signature!). Due to the > nature of MD5 weaknesses it's pretty much impossible to create a working > malicious file that would have the same MD5 as, let's say notepad.exe. > What if it's an autoextracted file? ClamAV detects the inner compressed virus but not the executable heading.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
