[Clamav-devel] Clam Scan on Android APK

Steven Morgan smorgan at sourcefire.com
Fri Oct 16 12:11:50 EDT 2015

One of the triggers for the BC.Exploit.Andr bytecode is the zip file magic
at offset 0. If you are using --leave-temps, the inner files are extracted,
but the zip file magic is lost.

On Fri, Oct 16, 2015 at 7:51 AM, Sujit Nandan <sujit at innovaidesystems.com>

> Hi Everybody,
> I want to know how clam creates a signature with an infected Android APK. Right
> now we are totally in the dark. Clam has determined an APK as infected with
> malware, but when we run clamscan on the extracted content from that APK it is
> not able to detect any malware. Can anybody brief me on the steps of how
> the signature is created or what is the proper way to scan an APK in
> Android.
> Regards,
> Sujit
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> http://www.clamav.net/contact.html#ml
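
The point in the reply above, as an added example that is not part of the original thread or of ClamAV's code: a harmless APK-shaped zip is constructed in memory, and the container and each extracted member are checked for the zip magic at offset 0. It covers only the one trigger the reply names, not the rest of the BC.Exploit.Andr logic; the member names and contents are constructed placeholders.

```python
import io
import zipfile

# Zip local file header signature, found at offset 0 of a zip/APK container.
ZIP_LOCAL_HEADER_MAGIC = b"PK\x03\x04"


def has_zip_magic_at_offset_0(data: bytes) -> bool:
    """True when the buffer starts with the zip local file header signature."""
    return data[:4] == ZIP_LOCAL_HEADER_MAGIC


def build_sample_apk() -> bytes:
    """Constructed, harmless APK-shaped zip (names and contents are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("res/raw/data.bin", b"constructed sample data")
    return buf.getvalue()


def compare_container_and_members(apk: bytes) -> dict:
    """Map each scan target to whether the zip magic is present at offset 0."""
    result = {"<apk container>": has_zip_magic_at_offset_0(apk)}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in zf.namelist():
            # zf.read() returns the decompressed member, i.e. what ends up
            # on disk when the inner files are extracted and scanned alone.
            result[name] = has_zip_magic_at_offset_0(zf.read(name))
    return result


if __name__ == "__main__":
    report = compare_container_and_members(build_sample_apk())
    for target, present in report.items():
        print(f"{target:22} zip magic at offset 0: {present}")
```

Only the container row reports the magic, so a trigger that requires it can match the APK file itself but none of the files extracted from it.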
