There is an article on eWeek.com today concerning "instability" in AV software due to the impossibility of adequately testing updates when releasing them as quickly as they are needed (www.eweek.com/article2/0,1895,2240656,00.asp?kc=EWKNLINF010208STR3).
As I understand it, ClamAV is perhaps unusual in that CVD updates are purely data and do not change the executable code, so "instability" is much less likely. On the other hand, perhaps some signature data, especially those pertaining to phishing, contain something like counts governing FOR loops, or worse yet, termination conditions governing WHILE loops. In these cases, scanning could take a long time -- or even forever -- if there were a bug. An even worse case would be an update with a bad data-length field, or an improperly terminated string, either of which could cause a crash.

So my question is, do ClamAV signature updates have the potential to cause serious scanning problems, or is it limited to lesser problems like false positives? (Of course, all AV scanners are prone to false negatives on recent, or cleverly obfuscated, viruses.)
