[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: clamav and magic byte

* Andrey Bayora:

> OK, last try to convince you... :)
>> It's not a bug, it's a design property of such ssystems
> In other words: it is a design error (feature).

Sure, if you want to put it that way.

> As I point out my whitepaper, the "changed" viruses STILL detected with the
> SAME signature.
> And then, "a magic" - you change the FIRST byte to anything and the virus is
> detected, but when you change to "M" (exe magic byte) - the AV fails.What is
> your conclusion?

Fixing this particular instance does not address the inherent design
flaws of malware scanning.  Therefore, it's just a token measure.

Reply to: