Re: clamav and magic byte
* Andrey Bayora:
> OK, last try to convince you... :)
>> It's not a bug, it's a design property of such ssystems
> In other words: it is a design error (feature).
Sure, if you want to put it that way.
> As I point out my whitepaper, the "changed" viruses STILL detected with the
> SAME signature.
> And then, "a magic" - you change the FIRST byte to anything and the virus is
> detected, but when you change to "M" (exe magic byte) - the AV fails.What is
> your conclusion?
Fixing this particular instance does not address the inherent design
flaws of malware scanning. Therefore, it's just a token measure.