Hi there, On Wed, 8 Feb 2012, Joel Esler wrote:
We're looking into a solution for this.
A simple solution would be to encrypt the database (even when it's in memory) and have the scanning engine be able to decrypt it on the fly. It wouldn't _have_ to take forever. :( Chuck Swiger wrote:
Oh, sure...when this issue was first noticed, anti-virus providers started doing things like obfuscating or encrypting the malware signatures. However, since malware generally also tries to conceal itself, anti-virus software tries to un-obfuscate stuff (with varying degrees of success). It's a circumstance where you can chicken-and-egg indefinitely.
I'm not convinced that a PATTERN which matches a virus 'signature' must necessarily trigger the detection of the signature by another scanner. For example "[Vv][iI][Rr][uU][Ss]" matches "Virus" but it doesn't look even remotely like it. Maybe I haven't had enough chocolate today and I don't understand the problem well enough...
Or you can simply decide to not quarantine or delete filesystem locations containing malware signatures.
Giving malicious software a convenient place to stay? :) -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
