On Tue, 2009-08-04 at 08:59 +0200, Tomasz Kojm wrote: > On Tue, 04 Aug 2009 13:55:29 +0700 > Nguyen Duy Anh Tuan <[email protected]> wrote: > > > Hi there, > > I've just been starting to study how clamav works. > > Can u show me the scanning method of clamav when dealing with md5 > > signatures? > > I tried some test, but I dont understand at all :( > > - fist, I used clamscan to scan file clam.ea06.exe in folder "test" > > of clamav source and it reported virus ClamAV-Test-File, I searched in > > main.cvd and found that the signature was located in main.hdb file, so > > it means that it's md5 checksum? right? here it is: > > aa15bcf478d165efd2065190eb473bcb:544:ClamAV-Test-File > > > > - then, I calculated md5 checksum of file "clam.ea06.exe" by using " > > sigtool --md5 " and i got this > > 21d1acd7ff5a8ff24b08d07be6f47709:257960:clam.ea06.exe > > > > - I also got the different checksum of file "clam.ea05.exe" > > 6b2324ea0df473777f58ca8d59d53ea5:211738:clam.ea05.exe > > but clamav still reported the same virus. > > > > Please help me out! Thanks in advanced! > > Tip: run 'clamscan --debug --leave-temps clam.ea06.exe' and look at the > temporary files > Thx for your tip! I got it.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
