by walls 1512 days ago
Let's say you have an anti-malware service that sees file1, analyzes it, and decides the file is benign. The service then updates a database saying 'hash xyz has been analyzed and is benign'.

Then you send file2 which is actually malicious, and the service decides it has already analyzed this file and lets it go.

This would work on a lot of big AV appliances and software. A surprising number of these are still using md5 for de-duplication.
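
The verdict-cache failure described in the comment above, next to a hardened lookup, as an added example that is not part of the original comment or of any product's code. Assumptions: `weak_digest` is MD5 truncated to 8 bits so a colliding pair can be built offline, and `scan`, `VerdictCache` and the marker string are hypothetical names constructed for the demo.

```python
import hashlib
from itertools import count

MARKER = b"CONSTRUCTED-MALICIOUS-MARKER"  # constructed stand-in for a signature

def weak_digest(data: bytes) -> str:
    # Stand-in for a collision-prone hash: MD5 cut to 8 bits so the demo can
    # build a colliding pair offline. Assumption for illustration only.
    return hashlib.md5(data).hexdigest()[:2]

def scan(data: bytes) -> str:
    # Toy analysis engine (hypothetical): flags the constructed marker.
    return "malicious" if MARKER in data else "benign"

class VerdictCache:
    def __init__(self):
        self.by_weak = {}      # weak digest -> (sha256, verdict)
        self.by_sha256 = {}    # sha256 -> verdict
        self.collisions = []   # (weak digest, cached sha256, new sha256)

    def naive_lookup(self, data: bytes) -> str:
        # Behaviour described in the comment: the weak digest alone decides.
        key = weak_digest(data)
        if key not in self.by_weak:
            self.by_weak[key] = (hashlib.sha256(data).hexdigest(), scan(data))
        return self.by_weak[key][1]

    def checked_lookup(self, data: bytes) -> str:
        # Hardened: verdicts are keyed by SHA-256; the weak digest is kept only
        # as an index so a same-key, different-content file raises a signal.
        key, sha = weak_digest(data), hashlib.sha256(data).hexdigest()
        seen = self.by_weak.get(key)
        if seen and seen[0] != sha:
            self.collisions.append((key, seen[0], sha))
        if sha not in self.by_sha256:
            self.by_sha256[sha] = scan(data)
        self.by_weak.setdefault(key, (sha, self.by_sha256[sha]))
        return self.by_sha256[sha]

def demo():
    file1 = b"constructed benign sample"
    target = weak_digest(file1)
    # Constructed second file whose weak digest matches file1's.
    file2 = next(MARKER + str(i).encode() for i in count()
                 if weak_digest(MARKER + str(i).encode()) == target)
    naive, checked = VerdictCache(), VerdictCache()
    naive.naive_lookup(file1)
    checked.checked_lookup(file1)
    return (naive.naive_lookup(file2), checked.checked_lookup(file2),
            len(checked.collisions))
```

The entries in `collisions` are worth alerting on: two different files sharing a legacy hash key rarely happens by accident.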