On 05/25/2010 07:32 PM, Sarocet wrote: > Tomasz Kojm wrote: >> Sarocet wrote: >> >>> What if it's an autoextracted file? ClamAV detects the inner compressed >>> virus >>> but not the executable heading. >>> >> I don't get it.. if ClamAV detects a virus in any extracted file it >> marks the whole container infected >> > > Container extracts to Good_file > Container' extracts to Bad_file > > md5(Container) = md5(Container')
Shouldn't Good_file be considered malicious in this case? It was created for the purpose of hash collision with Bad_file ... Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
