Hi there,
I've just been starting to study how clamav works.
Can u show me the scanning method of clamav when dealing with md5
signatures?
I tried some test, but I dont understand at all :(
- fist, I used clamscan to scan file clam.ea06.exe in folder "test" of
clamav source and it reported virus ClamAV-Test-File, I searched in
main.cvd and found that the signature was located in main.hdb file, so
it means that it's md5 checksum? right? here it is:
aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File
- then, I calculated md5 checksum of file "clam.ea06.exe" by using "
sigtool --md5 " and i got this
21d1acd7ff5a8ff24b08d07be6f47709:257960:clam.ea06.exe
- I also got the different checksum of file "clam.ea05.exe"
6b2324ea0df473777f58ca8d59d53ea5:211738:clam.ea05.exe
but clamav still reported the same virus.
Please help me out! Thanks in advanced!
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
