ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Alternate Data Streams And Scanning
GuitarBob


Joined: 09 Jul 2006
Posts: 4362
Location: USA
Reply with quote
I see that a few antivirus products are now scanning for alternate data streams (ADS) on NTFS computers. Is there any need to do so? If so, does ClamWin do this?

Here is an informative article about ADS: http://www.diamondcs.com.au/index.php?page=archive&id=ntfs-streams

Regards,
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 898
Location: Italy
Reply with quote
Shocked
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
we looked at ADS earlier and deemed them as a low threat. Here is the quote form the page you mentioned:
Quote:

Q. If I double-click on a file that has an executable stream attached to it, will the stream execute?
A. No. The stream can only be executed if called directly - typically this can only be done by a program. You'll never accidently execute a stream.


So in order to execute a code from an ADS there needs to be a loader program which ClamAV would be able to identify as a virus.
View user's profileSend private message
ADS
GuitarBob


Joined: 09 Jul 2006
Posts: 4362
Location: USA
Reply with quote
Thanks for the info, Alch. It seems that threats are sometimes exaggerated, and resources are limited, so it's prudent to concentrate upon what is most likely to occur. I heard that Intel wasn't even aware of ADS until fairly recently. Perhaps it will go away with Vista.

Regards,
View user's profileSend private message
Alternate Data Streams And Scanning
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic