On Thu, 4 Nov 2004 16:43:41 +0200 (CAT) [EMAIL PROTECTED] wrote: > > The way libclamav works in the case of executable files is: > > > > 1. check the file against the signature database and stop scanning > > if virus is found > > > > 2. run PE parser (report broken executables; try to guess and unpack > > compressed files) > > > > So it doesn't re-eject files without scanning just because they > > seem to be broken. > > Wouldn't it be possible to specifically detect viruses that generate > broken executables such as this one? ie continue to scan it even if it > is found to be broken - surely the file would still have a signature > that could be recognised? It would then make it easier to decide > whether to remove the attachment from the message and pass on the > message with a warning (in case some software is simply corrupt) or > else if it was labelled as a known virus then it could just be dumped > without informing the recipient at all.
Read my answer above. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Nov 4 19:14:56 CET 2004
pgpGsrp8seJtE.pgp
Description: PGP signature
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
