persistence cache question

[Hermite15]

so just a question: I opened one of those files with wordpad and as expected, it's either encrypted or need special software to be read; I'd like to know what it contains to avoid scan processes going through files already scanned and referred to there; does it contain file names and locations, marked as clean, or file signatures No need to add that I'd rather learn that it's signatures, as files just marked as clean once could get infected later... easy to imagine the consequences if those files are then skipped when scanning. Thanks 

[igor]

Neither filenames/paths, nor signatures.
And no, it's not encrypted - it's just binary data (and pretty sparse, from what I can see), no text needed.

I'd leave it up to Vlk if he wants to comment on how exactly it works, but you don't have to worry that files modified by a fileinfector got skipped during subsequent scanning - that won't happen.

[Hermite15]

Neither filenames/paths, nor signatures.
And no, it's not encrypted - it's just binary data (and pretty sparse, from what I can see), no text needed.

I'd leave it up to Vlk if he wants to comment on how exactly it works, but you don't have to worry that files modified by a fileinfector got skipped during subsequent scanning - that won't happen.

OK thanks for the feedback; yeah I wouldn't mind to have a few more details, so hopefully Vlk will notice this thread. Good to know already that modified files don't risk to be skipped.