|Main Archive Page > Month Archives > clamav-users archives|
On Tue, 04 Aug 2009 13:55:29 +0700
Nguyen Duy Anh Tuan <email@example.com> wrote:
> Hi there,
> I've just been starting to study how clamav works.
> Can u show me the scanning method of clamav when dealing with md5
> I tried some test, but I dont understand at all :(
> - fist, I used clamscan to scan file clam.ea06.exe in folder "test"
> of clamav source and it reported virus ClamAV-Test-File, I searched in
> main.cvd and found that the signature was located in main.hdb file, so
> it means that it's md5 checksum? right? here it is:
> - then, I calculated md5 checksum of file "clam.ea06.exe" by using "
> sigtool --md5 " and i got this
> - I also got the different checksum of file "clam.ea05.exe"
> but clamav still reported the same virus.
> Please help me out! Thanks in advanced!
Tip: run 'clamscan --debug --leave-temps clam.ea06.exe' and look at the temporary files -- oo ..... Tomasz Kojm <firstname.lastname@example.org> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Tue Aug 4 08:58:33 CEST 2009 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml