|Main Archive Page > Month Archives > clamav-users archives|
* Sarocet wrote:
> Tomasz Kojm wrote:
>> These are poor examples, which are almost identical (only 6 bytes
>> differ). Now, take a notepad.exe and create a malicious file with the
>> same file size and MD5.
> Read again the scenario.
Scan the scenario. Neither file has a virus.
Seriously, I'll agree with you that using MD5 for this isn't the best idea.
It may not get them today, but it will get them. The ClamAV Team should
consider using a better algorithm. However, until someone does this right and
pulls one over on the Engine, I don't think that will happen.
So, minds smarter than me, what we need is as follows.
A non-lethally loaded ( EICAR or ClamAV Test ) and a clean file.
That each have the same size, and have the same MD5 checksum.
Lets see how many feature reqs we can wring out of this thread.
I think the count is at 2 already.
-- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com