Memory Scan Question
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Fri Nov 02, 2007 12:16 pm

When ClamWin performs a memory scan, does it actually scan the segments of RAM or does it cache the data to a temp file(s) on disk and then scan the file(s)?
Regards,

Wild~Fire
Joined: 03 Nov 2007
Posts: 0
Posted: Sat Nov 03, 2007 1:42 am

You could probably find out if you used Filemon? It would be a waste of disk IO if it did write to disk first. I wasn't aware of an option to scan memory but there is an option to unload infected programs from memory so it must scan memory one of two ways.

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Sat Nov 03, 2007 2:43 am

Memory scan gets an exe and dll filename and scans the actual file.
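
The file-based approach described in the reply above, as an added example that is not part of the original post and is not ClamWin's code: list the exe/dll files behind every loaded module, then scan those files on disk. The `clamscan.exe` location, the optional database directory, the temp list file, and a clamscan build that supports `--file-list` are assumptions.

```powershell
# Added example, not ClamWin code. Assumed parameters: path to clamscan.exe,
# optional signature database directory, and a temp file for the path list.
param(
    [string]$ClamScan = 'clamscan.exe',
    [string]$Database = '',
    [string]$ListFile = (Join-Path $env:TEMP 'loaded-modules.txt')
)

# Every exe/dll loaded by every process this session is allowed to inspect.
# Processes that cannot be opened raise non-terminating errors, kept in $denied.
$modules = Get-Process -Module -ErrorAction SilentlyContinue -ErrorVariable denied

# Reduce to unique paths that still exist on disk
# (Sort-Object -Unique compares case-insensitively by default).
$files = @($modules |
    Select-Object -ExpandProperty FileName |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Leaf) } |
    Sort-Object -Unique)

Write-Host ("{0} unique module files; {1} enumeration errors (not covered)" -f `
    $files.Count, $denied.Count)
if ($files.Count -eq 0) { exit 2 }

# One path per line, written as UTF-8 without a BOM
# (Windows PowerShell's Out-File defaults to UTF-16).
[System.IO.File]::WriteAllLines($ListFile, [string[]]$files)

$clamArgs = @("--file-list=$ListFile", '--infected', '--no-summary')
if ($Database) { $clamArgs += "--database=$Database" }
& $ClamScan @clamArgs

# clamscan exit codes: 0 = nothing found, 1 = detection(s), 2 = error.
$code = $LASTEXITCODE
Remove-Item -LiteralPath $ListFile -ErrorAction SilentlyContinue
exit $code
```

Because only the files on disk are read, code that exists solely in a process's memory is outside what this kind of scan can see, and so are the processes counted under enumeration errors.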

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Nov 03, 2007 3:08 am

Could similar code be used to scan an HTTP/JavaScript/whatever stream coming into the browser from the Web--to spot exploits, when a real-time scanner becomes available?
Regards,

Wild~Fire
Joined: 03 Nov 2007
Posts: 0
Posted: Sat Nov 03, 2007 4:22 am

GuitarBob, I think that you're heading into the territory of 'exploits' now rather than AV. I don't think that it's the AV's job to catch these things although some do. Anyways I use a HIPS with CW just to supplement the fact that there are exploits that AVs don't catch.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Nov 03, 2007 12:12 pm

You could be right, but I see that Clam has a few signatures for exploits and "bad" HTML. At one time AVs didn't bother with ad/spyware, but most of them have expanded their definition of "malware" to include the more malevolent kind now. We're probably going to see more malware move away from overt files--perhaps even browser-based rootkits. A browser scanning service would give ClamWin some very good functionality that is separate from Clam AV.
Regards,

sherpya
Joined: 22 Mar 2006
Posts: 0
Location: Italy
Posted: Mon Nov 05, 2007 12:13 am

There are already signatures for HTML files, but I don't know what they are targeting.
All times are GMT