On 10/10/2011 5:28 AM, Matus UHLAR - fantomas wrote:
On 9/30/2011 10:56 PM, Nathan Gibbs wrote:
clamscan itself isn't that smart, but if you are using unix, find could
feed a list of things to clamscan.
On 03.10.11 11:34, Bowie Bailey wrote:
Just keep in mind that it is quite easy to arbitrarily change a file's
timestamp in Linux, so it would be possible for a malicious program to
modify a file and then update the timestamp so that it looks like the
file has not been modified.
Luckily, un*x filesystems have ctime (inode change time), which changes
every time someone does this, so find can use the -ctime option to get even
such files.
On 10.10.11 11:36, Bowie Bailey wrote:
That is much safer than using mtime, but ctime can still be modified if
a hacker/malicious program has root access.
If a hacker/malicious program has root access, it's quite irrelevant
what data clamav will get...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody
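
Added example, not part of the original messages: a shell sketch of the mtime versus ctime point discussed above, using constructed files in a temporary directory. The function names are hypothetical, and scan_changed assumes clamscan is installed; it is defined but not called here.

```shell
#!/bin/sh
# Constructed demo: a file's mtime is set back with touch, which itself
# updates ctime, so find -ctime still selects the file while -mtime does not.

make_demo_dir() {
    dir=$(mktemp -d) || return 1
    echo "fresh data" > "$dir/fresh.txt"        # ordinary new file
    echo "payload"    > "$dir/tampered.txt"     # modified file ...
    touch -t 201101010000 "$dir/tampered.txt"   # ... with mtime rolled back to 2011
    echo "$dir"
}

# Files whose modification time (mtime) falls within the last 24 hours.
changed_by_mtime() {
    find "$1" -type f -mtime -1 -print | sort
}

# Files whose inode change time (ctime) falls within the last 24 hours.
changed_by_ctime() {
    find "$1" -type f -ctime -1 -print | sort
}

# Feed the ctime-selected files to clamscan through its --file-list option.
scan_changed() {
    list=$(mktemp) || return 1
    changed_by_ctime "$1" > "$list"
    clamscan --file-list="$list"
    rc=$?
    rm -f "$list"
    return "$rc"
}

demo_dir=$(make_demo_dir)
echo "selected by -mtime -1:"; changed_by_mtime "$demo_dir"
echo "selected by -ctime -1:"; changed_by_ctime "$demo_dir"
rm -rf "$demo_dir"
```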