[Clamav-devel] clamav-devel Digest, Vol 126, Issue 4

Brandon Perry bperry.volatile at gmail.com
Thu Jul 16 12:17:50 EDT 2015


On Thu, Jul 16, 2015 at 11:14 AM, P K <pkopensrc at gmail.com> wrote:

> Thanks Brandon.
>
> It means file upload using multi-part form will not be detected by ClamAv.
> If curl is able to send multi-part form it means other browsers can upload
> virus file using multi form.
>
> Any way to fix same?
>
> Best Regards
> Punit Kandoi
>
>
It depends completely on the signature. If the signature is strict as the
EICAR signature is, then clamav will only detect the virus under strict
circumstances. If the signature for the virus/malware allows for data
preceding/following the actual bytes that match the signature, then a
multi-part form with a virus will still be caught.


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website


More information about the clamav-devel mailing list