> So I would like to ask, does bytecode have access to its environment
> (like ActiveX unfortunately did) and, how well is bytecode sandboxed?

Well, first of all, only bytecode signatures published by Cisco/Talos are considered "trusted" and will run by default. You would have to manually specify if you wanted to run unsigned bytecode signatures.

From what I've read, the bytecode is C-like, but it is limited in that it can't access system calls or memory, can only access the file to be scanned, it does have an internal timeout, and other security measures to prevent it from arbitrarily doing what it wants. You can always look through the source code if you want.

It doesn't seem like the bytecode database gets updated very often. I suppose it is reserved for complex scanning when the pattern matching of the regular databases just won't cut it...
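
Added example, not part of the original message and not ClamAV project code: a small shell audit that reports whether a clamd.conf would load bytecode from outside the signed databases, the non-default case the reply mentions. It reads the clamd.conf options `Bytecode`, `BytecodeUnsigned`, `BytecodeSecurity` and `BytecodeTimeout`; the function names, the sample configs and the last-occurrence handling of repeated options are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not ClamAV project code): audit bytecode options in a clamd.conf.

# Print the value of option $2 in file $1, or the fallback $3 when it is not set.
# Assumption: if an option is repeated, the last occurrence is reported.
conf_get() {
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }          # skip comment lines
        $1 == key        { val = $2 }      # "Option Value" pairs
        END              { print (val == "" ? def : val) }
    ' "$1"
}

# Succeeds if the value is one of the "true" spellings of a boolean option.
is_yes() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print findings for file $1; return 1 if unsigned bytecode can be loaded.
audit_bytecode() {
    enabled=$(conf_get "$1" Bytecode yes)
    unsigned=$(conf_get "$1" BytecodeUnsigned no)
    security=$(conf_get "$1" BytecodeSecurity TrustSigned)
    timeout=$(conf_get "$1" BytecodeTimeout built-in-default)
    echo "Bytecode=$enabled BytecodeSecurity=$security BytecodeTimeout=$timeout"
    if ! is_yes "$enabled"; then
        echo "OK: bytecode engine disabled"; return 0
    fi
    if is_yes "$unsigned"; then
        echo "WARN: BytecodeUnsigned=$unsigned loads bytecode from outside signed databases"
        return 1
    fi
    echo "OK: only bytecode from signed databases is loaded"
    return 0
}

# Constructed sample configs, for illustration only.
demo() {
    d=$(mktemp -d)
    printf 'Bytecode yes\nBytecodeSecurity TrustSigned\n' > "$d/default.conf"
    printf '# testing\nBytecodeUnsigned yes\nBytecodeTimeout 10000\n' > "$d/risky.conf"
    for f in "$d/default.conf" "$d/risky.conf"; do
        audit_bytecode "$f" || echo "-> $f needs review"
    done
    rm -rf "$d"
}
demo
```

To check a real installation, call `audit_bytecode` with the path of the clamd.conf actually in use instead of running `demo`.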
