Tomasz Kojm wrote:
> Sarocet wrote:
>
>> What if it's an autoextracted file? ClamAV detects the inner compressed virus
>> but not the executable heading.
>>
> I don't get it.. if ClamAV detects a virus in any extracted file it
> marks the whole container infected
>

Container extracts to Good_file
Container' extracts to Bad_file
md5(Container) = md5(Container')
ClamAV has a signature matching Bad_file.

Dennis wrote:
> A miracle occurs and the second file is executed and takes over the
> system.

I'm aware that there are other, easier ways to bypass the AV (e.g. pack it on an executable created just for that). But how good is an AV software that sometimes doesn't find a virus it knows about? :)