On Thu, 4 Nov 2004 11:47:41 +0200 (CAT) Jim Holland <[EMAIL PROTECTED]> wrote:
> The attachment is clearly malware (the message looks like a Klez

Clearly? How do you know that? Do you have a code analyser built into
your eyes?

> virus-free (fortunately it then goes on to block it because of the file
> name, but that is beside the point). Is the above report an error
> with ClamAV, or is the file actually harmless because of the broken PE
> header? Would it not be desirable for ClamAV to flag such files as
> being viruses (even if they are broken)?

The way libclamav works in the case of executable files is:

1. check the file against the signature database and stop scanning if
   virus is found
2. run PE parser (report broken executables; try to guess and unpack
   compressed files)

So it doesn't reject files without scanning just because they seem to
be broken.

-- 
   oo    .....       Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........     http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._   0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\      Thu Nov  4 13:08:19 CET 2004
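The scan order described in the reply above, as an added sketch that is not part of the original message and is not libclamav's code. The byte-pattern database, verdict strings, function names and sample files are all constructed assumptions, and the PE check only looks at the MZ/PE header fields.

```python
import struct

# Constructed signature database (name -> byte pattern); not real ClamAV signatures.
SIGNATURES = {"Example.Test.Sig": b"CONSTRUCTED-TEST-PATTERN"}

def match_signature(data):
    """Stage 1: return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def pe_header_problem(data):
    """Stage 2: return why the PE header is broken, or None if it looks sane."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "missing MZ header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data):                       # signature + COFF header
        return "e_lfanew points outside the file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return "missing PE signature"
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    if num_sections == 0:
        return "no sections"
    return None

def scan_executable(data):
    """Signature check first; the PE parser only runs when nothing matched."""
    hit = match_signature(data)
    if hit:
        return ("infected", hit)      # stop scanning, header state is irrelevant
    problem = pe_header_problem(data)
    if problem:
        return ("broken", problem)    # reported as broken, not as a virus
    return ("clean", None)

def make_pe(e_lfanew=0x40, num_sections=1, tail=b""):
    """Build a constructed, minimal MZ + PE/COFF header for the samples below."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)
    coff = b"PE\x00\x00" + struct.pack("<HH", 0x14C, num_sections) + b"\x00" * 16
    return dos + coff + tail

GOOD = make_pe()
BROKEN = make_pe(e_lfanew=0xFFFF)     # header offset beyond end of file
BROKEN_INFECTED = make_pe(e_lfanew=0xFFFF, tail=SIGNATURES["Example.Test.Sig"])

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("broken", BROKEN),
                          ("broken+sig", BROKEN_INFECTED)]:
        print(label, scan_executable(sample))
```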
