ClamWin Free Antivirus :: View topic

Posted: Sun Jan 07, 2007 1:08 am

Does a portion of code inspected by ClamWin have to contain the exact signature of a known virus before it is flagged as a virus? If it does require the exact signature, then would it be possible to determine if a piece of code contains a certain percentage of the code found in a known virus signature? If this could be done, you could set a "tolerance" of 95 % or so to minimize false positives and then make an intelligent guess as to whether or not there is a virus.

This might not apply to all situations, so you might only want to use it in special situations.

Regards,

Posted: Thu Jan 11, 2007 11:57 am

GuitarBob wrote:

Does a portion of code inspected by ClamWin have to contain the exact signature of a known virus before it is flagged as a virus? If it does require the exact signature, then would it be possible to determine if a piece of code contains a certain percentage of the code found in a known virus signature? If this could be done, you could set a "tolerance" of 95 % or so to minimize false positives and then make an intelligent guess as to whether or not there is a virus.

This might not apply to all situations, so you might only want to use it in special situations.

Regards,

I think that feature must be implemented in ClamAV, as a extra feature.
Maybe looking in ClamAV site/forum/wiki/mailinglist Smile

.