Nathan, The scanning functions inside libclamav run in a certain order, and once it detects an infection inside a file it short-circuits further scanning. For example, smaller offsets are checked before larger offsets. There is no way to change the order by changing configuration.
Dave R. -- Dave Raynor Senior Research Engineer, VRT On Wed, Jun 6, 2012 at 7:37 PM, ng seclists <[email protected]> wrote: > Folks, > > I'm using clamscan 0.97.4 on Centos 5.8. > > Hello, I'm trying to accomplish something specific using my custom > databases. I have two custom databases, one matching on MD5 sums and > another matching on hex strings. When I run a scan using these databases, > it always matches the hex strings first and doesn't match the md5 strings. > I know the md5 strings match and also the hex strings match as I've tested > to ensure it's not a stupid mistake on my part. > > I've tested differing filenames, and passing one first to the CLI vs > another and there's no change. > > My question is, is there a way to force database priority, i.e. if there's > a match in the md5 database, skip checking that file in the hex database. > It really doesn't even have to exclusively match on the md5, if it matched > both that would be fine too. The debug output for running the scan with > only the md5 then only with the hex databases doesn't appear any different > when it gets to the file matching section. > > Is this even possible or will I have to run the scan twice, first matching > md5 and next matching hex? > > Why do I want to do this? Because I'm working on a project with > requirements to do it this way. Other suggestions would be helpful, however > I need to match on md5 first, then match on hex. > > If this isn't clear or if any additional information is required, please > let me know. > > Thanks in advance, > > Nathan > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
