On Mar 29, 2015, at 7:57 AM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote:
On 3/29/15 4:55 AM, TR Shaw wrote: On Mar 29, 2015, at 1:45 AM, Dennis Peterson <denni...@inetnw.com<mailto:denni...@inetnw.com>> wrote: On 3/28/15 10:43 PM, Jinwon Lee wrote: Thanks for that. I guess ‘Hash Value’ refers to the ClamAV identifying the .dmg as a known file that contains virus/es. Jinwon That was the case too for password protected zip files. If you can't burst the contents you condemn the wrapper. Not entirely complete as you can tell ClamAV to mark encrypted zip and rar's as viruses without having a "sig". Many milters will do the same without invoking clamav, so that's of limited value. A feature is a feature to someone. Not everyone finds it useful, but for the 10 people that do, it’s the most important thing to them. -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos Group _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
