On 12/4/11 2:46 PM, "pritha srivastava" <pritha_srivast...@yahoo.com> wrote:
> 1. What do you mean by static malware. Why is MD5 based signature matching > suitable for static malware? > Static malware is not likely to change over time, so hash signatures don't have to be constantly updated. More and more, we are seeing malware that is being periodically changed, either to provide new features, fix bugs or simply to defeat AV software. With such dynamic malware, new hash signatures would have to be published with each change. In some cases malware authors have found ways to change the hash signature with each and every download, making identification using MD5 impossible. > 3. In the scan summary, the data scanned is lesser than the data read. Is the > data read include the data base also? > My understanding is that there are maximum limits on the file size, archive size, number of files within an archive, etc. Files that exceed these maximums are included as read but not scanned. I do not believe the database is included in these numbers. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
