Hi there,
On Sat, 23 Mar 2013, Steven Morgan wrote:
On Thu, 21 Mar 2013, G.W. Haywood wrote:
I want to be able to disable compilation of the bytecode interpreter
at configure time.
Please try running ./configure with the --disable-llvm option.
Thanks for the reply.
Does that do what I'm
Welldata is data. There is no difference (from a storage perspective)
from an executable with an inc ecx instruction or a text document with an
A. Both are represented by the value 0x41. So from Clam's perspective,
a signature matching a single A would be identical to a signature that
It was pointed out to me that in my explanation I failed to lay out how
ClamAV avoids alerting on both executable and html files with a single
signature. Signatures can be tagged with a target type. A signature of
type one would only evaluate against portable executable (PE) files. While
a
Hi Matt
Thanks for your detailed explanation on how signature gets stored and
interpreted.
I was looking up the codes in libclamav to see what data formats get used
for string compare. Some backtracking from cli_bm_scanbuff took me to str.c
where I see there is a function cli_hex2str, which if I