Hi Kam,
I was wondering if you could follow up on this with an update. It looks like from the BC documentation that this script was included in 0.9.12, correct? I was curious what you found out about why it was not in the distributed release of TSK.
I also wanted to make sure I understand the capacities of ClamTK and the TSK script. ClamTK can only scan a disk image if the image is mounted, but the TSK script can scan for viruses within a disk image without actually mounting it?
So, for example, if I had a floppy disk with a boot sector virus and I created a raw image of the disk, running ClamTK over the unmounted disk image file would not catch the virus, but running the TSK script over it would?
Thanks,
Christie Peterson