On Mon, 18 Oct 2004 11:22:01 +0200 in [EMAIL PROTECTED] Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> > > For those running 0.80rc4 or 0.80 final, you can catch all jpeg > > > exploits with the following signature (add it to a local.ndb file > > > in your database directory): > > > > > > Exploit.JPEG.Comment.FalsePos:5:0:ffd8ff > > > > > > Warning: do NOT use this if you're running 0.80rc[123], since it > > > WILL cause false positives. Also, do NOT change the name. The > > > ClamAV code > > > > Please do not use it. It seems the JPEG exploit verificator is > > still not perfect and may not eliminate all false positive matches. > > False alert. It appeared some Japanese camera software creates broken > pictures. So that signature *is* safe to use? Or have I read your comment wrongly? -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
