On Mon, 18 Oct 2004 04:41:36 +0200 Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Sun, 17 Oct 2004 21:36:22 -0500 (CDT)
> Damian Menscher <[EMAIL PROTECTED]> wrote:
>
> > On Sun, 17 Oct 2004, Tomasz Kojm wrote:
> > > On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford"
> > > <[EMAIL PROTECTED]> wrote:
> > >
> > > > Can someone test ClamAV with these files:
> > > > http://www.hiddenbit.org/demo_files/jpeg.zip
> > >
> > > ClamAV is technically prepared to catch those files but they
> > > require more generic signatures that can produce false positive
> > > alerts with JPEG files on versions older than 0.80rc4 (because
> > > they don't contain a special JPEG exploit verification code). The
> > > database will be updated in the very near future, though.
> >
> > For those running 0.80rc4 or 0.80 final, you can catch all jpeg
> > exploits with the following signature (add it to a local.ndb file in
> > your database directory):
> >
> > Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff
> >
> > Warning: do NOT use this if you're running 0.80rc[123], since it
> > WILL cause false positives. Also, do NOT change the name. The
> > ClamAV code
>
> Please do not use it. It seems the JPEG exploit verificator is still
> not perfect and may not eliminate all false positive matches.

False alert. It appeared some Japanese camera software creates broken pictures.

-- 
   oo    .....       Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........     http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._   0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\      Mon Oct 18 11:20:11 CEST 2004
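
An added example, not part of the thread and not ClamAV's own code: it parses the signature line quoted above and shows that its pattern alone matches any JPEG, so the alert depends entirely on a second verification step. The check used here (a comment segment, marker 0xFFFE, declaring a length below 2) is an assumption standing in for the verification code the thread mentions; the function names and sample bytes are constructed.

```python
import struct

# Signature line quoted in the thread, in ClamAV's extended .ndb layout:
# Name:TargetType:Offset:HexSignature (target type 5 is graphics files)
NDB_LINE = "Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff"

def parse_ndb(line):
    name, target, offset, hexsig = line.strip().split(":", 3)
    return {"name": name, "target": int(target),
            "offset": int(offset), "pattern": bytes.fromhex(hexsig)}

def body_matches(sig, data):
    """Pattern match at the fixed offset only, with no verification step."""
    start = sig["offset"]
    return data[start:start + len(sig["pattern"])] == sig["pattern"]

def has_bad_comment(data):
    """Assumed verification step: walk the header segments and report a
    comment segment (0xFFFE) whose declared length is below 2."""
    if data[:2] != b"\xff\xd8":
        return False
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False                  # lost marker sync, stop
        marker = data[pos + 1]
        if marker == 0xFF:                # fill byte before a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):        # EOI / start of scan: headers done
            return False
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                    # length must cover its own 2 bytes
            return marker == 0xFE
        pos += 2 + length
    return False

def scan(sig, data):
    """Alert only when the pattern matches and the verification agrees."""
    return body_matches(sig, data) and has_bad_comment(data)

# Constructed sample data (headers only, not real images).
APP0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
BENIGN = b"\xff\xd8" + APP0 + b"\xff\xfe\x00\x04ok" + b"\xff\xd9"
MALFORMED = b"\xff\xd8" + APP0 + b"\xff\xfe\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    sig = parse_ndb(NDB_LINE)
    for label, blob in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(label, body_matches(sig, blob), scan(sig, blob))
```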