* Sarocet wrote: > Tomasz Kojm wrote: >> These are poor examples, which are almost identical (only 6 bytes >> differ). Now, take a notepad.exe and create a malicious file with the >> same file size and MD5. >> >> Thanks, >> > > Read again the scenario.
Scan the scenario. Neither file has a virus. :-) Seriously, I'll agree with you that using MD5 for this isn't the best idea. It may not get them today, but it will get them. The ClamAV Team should consider using a better algorithm. However, until someone does this right and pulls one over on the Engine, I don't think that will happen. So, minds smarter than me, what we need is as follows. A non-lethally loaded ( EICAR or ClamAV Test ) and a clean file. That each have the same size, and have the same MD5 checksum. Lets see how many feature reqs we can wring out of this thread. I think the count is at 2 already. :-) LOL -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
