On Tue, 25 May 2010 16:27:48 +0200 Sarocet <saro...@gmail.com> wrote:

> Tomasz Kojm wrote:
>> This scenario does not make much sense to me. First of all, as I wrote in the
>> previous email the files you provided as example are almost identical
>> (they only differ in high nibbles of six bytes) and they share the same
>> "payload", this means that both of them should be detected by the AV as
>> malicious (in this case even using a single MD5 signature!). Due to the
>> nature of MD5 weaknesses it's pretty much impossible to create a working
>> malicious file that would have the same MD5 as, let's say, notepad.exe.
>>
> What if it's an autoextracted file? ClamAV detects the inner compressed
> virus but not the executable heading.

I don't get it.. if ClamAV detects a virus in any extracted file it marks
the whole container infected

--
Tomasz Kojm <tk...@clamav.net>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Tue May 25 16:49:44 CEST 2010