Re: clamav and magic byte
* Andrey Bayora:
>> "...Andrey Bayora just describes one way to create new viruses, there are
> countless others."
>
> Please, read http://www.securityelf.org/magicbyteadv.html - there
> are 13 CVE numbers issued for this BUG.
Often, CVE numbers are assigned because vendors release updates, not
to bless a bug in some way.
> If it is not - why AV vendors issues patches for this "issue"?
Apparent inaction (leading to a potential loss in market share) is
more expensive than pushing out updates to customers, it seems.
> The "new viruses" opinion comes mostly from AV companies that did not want
> to believe that their AV has such trivial BUG.
It's not a bug, it's a design property of such ssystems.
To be clear, the issue you point out is real, but this is the
fundamental problem with client-side antivirus software: It can only
detect things which haven't been specifically crafted to go
undetected. Since (most?) signatures are publicly available, it's
pretty easy to tweak your malware until it passes popular scanners.
In this round of Core Wars, the piece of software which was written
last almost always wins.
Reply to: