[Clamav-devel] Clam Scan on Android APK

Sujit Nandan sujit at innovaidesystems.com
Fri Oct 23 03:09:00 EDT 2015


Hi Steven,

I am following up with this mail just to bring to your attention the
problem related to the apk file scan, as mentioned in the previous mail.

I also have another query regarding creating an avbases (Clam AV signature)
which has only malware relevant to Android OS.
This is because the full avsignature base is huge if we consider the memory
limitation of a handheld OS like Android.

Eagerly waiting for your valuable response.

Regards,
Sujit



On Sat, Oct 17, 2015 at 4:48 PM, Sujit Nandan <sujit at innovaidesystems.com>
wrote:

> Hi Steven,
>
> We found the infected apk from
> http://contagiodump.blogspot.in/2011/03/take-sample-leave-sample-mobile-malware.html
>
> http://www.mediafire.com/download/a31f86dzejilwea/026_capture-site.com_ocjp.zip
> is the zip file which contains an apk with the name btm.apk which is our
> concerned apk.
>
> The query in my mind right now is whether we need to extract the content
> of the apk before sending it for scanning with clam, or whether it
> extracts it internally.
>
> Thanks a lot for your quick response.
>
> Regards,
> Sujit
>
> On Fri, Oct 16, 2015 at 9:41 PM, Steven Morgan <smorgan at sourcefire.com>
> wrote:
>
>> One of the triggers for the BC.Exploit.Andr bytecode is the zip file magic
>> at offset 0. If you are using --leave-temps, the inner files are extracted,
>> but the zip file magic is lost.
>>
>> On Fri, Oct 16, 2015 at 7:51 AM, Sujit Nandan <sujit at innovaidesystems.com>
>> wrote:
>>
>> > Hi Everybody,
>> >
>> > I want to know how clam creates a signature with an infected Android APK.
>> > Right now we are totally in the dark. Clam has determined an APK as
>> > infected with malware, but when we run clamscan on the extracted content
>> > from that APK it is not able to detect any malware. Can anybody brief me
>> > on the steps of how the signature is created, or what is the proper way
>> > to scan an APK in Android.
>> >
>> > Regards,
>> > Sujit
>> > _______________________________________________
>> > http://lurker.clamav.net/list/clamav-devel.html
>> > Please submit your patches to our Bugzilla: http://bugs.clamav.net
>> >
>> > http://www.clamav.net/contact.html#ml
>> >
>
>
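
Added example, not part of the original thread and not ClamAV code: Steven's reply says one trigger for the bytecode signature is the zip file magic at offset 0, and that the extracted inner files lose it. This Python sketch builds a constructed stand-in APK (dummy member names and contents are assumptions) and checks where that magic is present, which shows why the whole APK should be scanned rather than its unpacked contents.

```python
import io
import zipfile

# Local file header signature that opens a non-empty ZIP (and therefore an APK).
ZIP_LOCAL_HEADER_MAGIC = b"PK\x03\x04"


def has_zip_magic_at_offset_0(data: bytes) -> bool:
    """True when the buffer starts with the ZIP local file header magic."""
    return data[:4] == ZIP_LOCAL_HEADER_MAGIC


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with typical member names, dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 28)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 104)
        zf.writestr("lib/armeabi/libexample.so", b"\x7fELF" + b"\x00" * 60)
    return buf.getvalue()


def magic_report(apk: bytes) -> dict:
    """Map the container and each extracted member to 'zip magic at offset 0?'."""
    report = {"<container>": has_zip_magic_at_offset_0(apk)}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in zf.namelist():
            # zf.read() returns the decompressed member, i.e. what ends up on
            # disk after unpacking the APK by hand.
            report[name] = has_zip_magic_at_offset_0(zf.read(name))
    return report


if __name__ == "__main__":
    for name, hit in magic_report(build_sample_apk()).items():
        print(f"{name:28} zip magic at offset 0: {hit}")
```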
