On Sun, 17 Oct 2004 21:36:22 -0500 (CDT) Damian Menscher <[EMAIL PROTECTED]> wrote:
> On Sun, 17 Oct 2004, Tomasz Kojm wrote: > > On Sun, 17 Oct 2004 14:54:07 +0100 "Steve Basford" > > <[EMAIL PROTECTED]> wrote: > > > > > Can someone test ClamAV with these files: > > > http://www.hiddenbit.org/demo_files/jpeg.zip > > > > ClamAV is technically prepared to catch those files but they require > > more generic signatures that can produce false positive alerts with > > JPEG files on versions older than 0.80rc4 (because they don't > > contain a special JPEG exploit verification code). The database will > > be updated in the very near future, though. > > For those running 0.80rc4 or 0.80 final, you can catch all jpeg > exploits with the following signature (add it to a local.ndb file in > your database directory): > > Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff > > Warning: do NOT use this if you're running 0.80rc[123], since it WILL > cause false positives. Also, do NOT change the name. The ClamAV code Please do not use it. It seems the JPEG exploit verificator is still not perfect and may not eliminate all false positive matches. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Oct 18 04:39:44 CEST 2004
pgpnlQJaXDCXL.pgp
Description: PGP signature
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
