Paul Kosinski in message 'Re: [Clamav-users] clamscan extremly slow' wrote: > > Also, I have noticed that Norton/Symantec, McAfee, CA etc. seem to > include new executable code in their signature updates. Likely they > add special-case code for some new threats, rather than only data. > But I would be very unhappy if clamav added new code on the fly: that > could really open the door to a nastier variety of malware. >
in case of commercial scanners this is possible because most of them
run on Windows and on intel platform. Clamav runs on different
architectures so including binary code in daily-signatures is hardly
possible, so don't be afraid ;)
Some time ago I thought about possibility of sending packed source
code of plugins [in signature updates], that could be compiled when
downloaded and used by clamav.
This would allow fight malwares, that detecting them requires some
changes in engine.
But I'm not sure if such a change wouldn't generate too much load on
clamav servers.
cheers, Michał Spadliński
--
main(int a[puts("Michal 'GiM' Spadlinski")]){}
signature.asc
Description: Digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
