Thanks for the follow up. I had the wrong impression. I'll have to take another look.
You also raised another concern of mine. Is it correct that clamav does not contain signatures for memory resident only malware?

Thanks again,
Jason

On Mon, Apr 9, 2012 at 1:03 PM, Gianluigi Tiesi <sher...@netfarm.it> wrote:

> On 09/04/2012 15:31, Jason Gionta wrote:
>
>> Bump... Can anyone confirm that clamav-win does not scan memory resident
>> files but files associated with resident processes from disk?
>>
>> Thanks,
>>
>
> ClamWin (not clamav-win32 the official port) scans on disk processes
> loaded in memory (as you think), and if an executable "looks" (by using
> some heuristics) packed it gets dumped from memory and then scanned, though
> not very useful because of missing signatures of such kind
> It's not really scanning memory, but it can easily spot loaded malware
> without scanning the whole system
>
> Regards
>
> --
> Gianluigi Tiesi <sher...@netfarm.it>
> EDP Project Leader
> Netfarm S.r.l. - http://www.netfarm.it/
> Free Software: http://oss.netfarm.it/
>
> Q: Because it reverses the logical flow of conversation.
> A: Why is putting a reply at the top of the message frowned upon?
>

--
Jason Gionta
Cyber Defense Lab
North Carolina State University
jjgio...@ncsu.edu
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net