Re: clamav and magic byte

To: "Andrey Bayora" <andrey@securityelf.org>
Cc: <debian-security@lists.debian.org>
Subject: Re: clamav and magic byte
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 03 Nov 2005 22:58:06 +0100
Message-id: <[🔎] 87ll05bdht.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 008301c5e0c1$330c4800$0501a8c0@home> (Andrey Bayora's message of "Thu, 3 Nov 2005 23:54:37 +0200")
References: <[🔎] 007301c5e0ba$41af17e0$0501a8c0@home> <[🔎] 87mzklctk9.fsf@mid.deneb.enyo.de> <[🔎] 008301c5e0c1$330c4800$0501a8c0@home>

* Andrey Bayora:

> OK, last try to convince you... :)
>
>> It's not a bug, it's a design property of such ssystems
>
> In other words: it is a design error (feature).

Sure, if you want to put it that way.

> As I point out my whitepaper, the "changed" viruses STILL detected with the
> SAME signature.
> And then, "a magic" - you change the FIRST byte to anything and the virus is
> detected, but when you change to "M" (exe magic byte) - the AV fails.What is
> your conclusion?

Fixing this particular instance does not address the inherent design
flaws of malware scanning.  Therefore, it's just a token measure.

Reply to:

References:
- Re: Re: clamav and magic byte
  - From: "Andrey Bayora" <andrey@securityelf.org>
- Re: clamav and magic byte
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: clamav and magic byte
  - From: "Andrey Bayora" <andrey@securityelf.org>

Prev by Date: Re: clamav and magic byte
Next by Date: Re: clamav and magic byte
Previous by thread: Re: clamav and magic byte
Next by thread: volunteer computer-geek to help us for FREE? please contact !
Index(es):
- Date
- Thread