clam says boot.efi Broken.Executable
Landon Fuller
landonf at macports.org
Sun Jun 29 18:50:47 PDT 2008
On Jun 29, 2008, at 2:43 PM, Brian Flaherty wrote:
> This is also what the --detect-broken option for clamscan is supposed
> to detect. It doesn't seem odd (to me) that a boot file would be
> structured differently than a standard executable.
"EFI uses a subset of the PE32+ image format with a modified header
signature. The modification
to signature value in the PE32+ image is done to distinguish EFI
images from normal PE32
executables. The “+” addition to PE32 provides the 64 bit relocation
fix-up extensions to standard
PE32 format. "
Intel EFI Spec v1.02, Section 4.2, EFI Image Header:
http://download.intel.com/technology/efi/docs/pdfs/EFISpec_v102.pdf
Cheers,
-landonf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://lists.macosforge.org/pipermail/macports-users/attachments/20080629/3069c956/attachment.bin
More information about the macports-users
mailing list