clamav-users May 2010 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [Clamav-users] Reload process

Re: [Clamav-users] Reload process

From: Nathan Gibbs <nathan_at_nospam>
Date: Tue May 25 2010 - 01:39:00 GMT
To: ClamAV users ML <>

* Sarocet wrote:
> Tomasz Kojm wrote:
>> These are poor examples, which are almost identical (only 6 bytes
>> differ). Now, take a notepad.exe and create a malicious file with the
>> same file size and MD5.
>> Thanks,
> Read again the scenario.

Scan the scenario. Neither file has a virus.

Seriously, I'll agree with you that using MD5 for this isn't the best idea.
It may not get them today, but it will get them. The ClamAV Team should
consider using a better algorithm. However, until someone does this right and
pulls one over on the Engine, I don't think that will happen.

So, minds smarter than me, what we need is as follows.

A non-lethally loaded ( EICAR or ClamAV Test ) and a clean file.

That each have the same size, and have the same MD5 checksum.

Lets see how many feature reqs we can wring out of this thread.
I think the count is at 2 already.

-- Sincerely, Nathan Gibbs Systems Administrator Christ Media

Help us build a comprehensive ClamAV guide: visit