[clamav-users] Silly question - clamav - linux viruses?
Alain Zidouemba
azidouemba at sourcefire.com
Thu Apr 17 15:13:46 UTC 2014
ClamAV "does scan for linux viruses".
If you install ClamAV, you can use the sigtool command to find signatures
for unix-specific malware.
E.g.:
> sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
.
.
.
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Exploit.CVE_2010_3301-1
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Exploit.CVE_2014_1912-1
Unix.Exploit.CVE_2014_1912
Unix.Downloader.Agent
UNIX.Exploit.CVE_2010_3301-2
UNIX.Trojan.Snakso
Unix.Exploit.Iosjailbreak
Unix.Exploit.Fsheep
Unix.Trojan.Hanthie-3
Unix.Trojan.Hanthie-4
Unix.Trojan.Ebury
Unix.Trojan.Ebury-1
Unix.Trojan.Ebury-2
Unix.Trojan.Hanthie
Unix.Trojan.Hanthie-1
Unix.Trojan.Hanthie-2
Win.Trojan.Gunix-1
.
.
.
Additionally, there are signatures for malware or exploits that can target
multiple platforms. An example is the signature PHP.Shell-38 as gin(e)
pointed out.
- Alain
On Thu, Apr 17, 2014 at 10:46 AM, Dave Shevett <shevett at pobox.com> wrote:
> Hi folks, sorry for the seemingly silly question, but I can't find it in
> the FAQ nor can I find it by S-ing TFW.
>
> Does clamav on linux scan for 'linux viruses'? I know the definition of
> that is nebulous, and the number of documented linux virii is extremely
> low (for ones that would not be classified as root hacks or simple
> coding errors).
>
> I need to present to management that we don't need to run clamav virus
> scans across /usr/bin, /lib, /usr/sbin, etc. We should, however, have a
> root kit checker installed (right now we do use 'aide' to function as a
> tripwire mechanism).
>
> But, can I say "clamav does not scan for linux viruses" or is that not
> true?
>
> -d
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
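The grep in the reply above matches any name that merely contains "unix", which is why Win.Trojan.Gunix-1 and Trojan.Plunix-1 appear in its output. As an added example (not part of the original post and not ClamAV project code), this shell script separates whole-token matches from substring-only hits and tallies the Unix-prefixed names by type; the function names are hypothetical, the sample names are copied from the output quoted in the post, and it assumes one signature name per line.

```shell
#!/bin/sh
# Added example, not from the post. Sample names are copied from the sigtool
# output quoted in the post; function names are hypothetical.
sample_sigs() {
cat <<'EOF'
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Exploit.CVE_2010_3301-1
Unix.Backdoor.Cdorked
Unix.Trojan.Ebury
Unix.Trojan.Ebury-1
Unix.Trojan.Hanthie
Win.Trojan.Gunix-1
EOF
}

# Names in which "unix" is a whole dot- or hyphen-delimited token.
unix_token_sigs() {
    awk -F'[.-]' '{
        for (i = 1; i <= NF; i++)
            if (tolower($i) == "unix") { print; next }
    }'
}

# Names that `grep -i unix` returns only because of a substring hit.
substring_only_sigs() {
    awk -F'[.-]' 'tolower($0) ~ /unix/ {
        for (i = 1; i <= NF; i++)
            if (tolower($i) == "unix") next
        print
    }'
}

# Count token matches by type field, for names whose first field is "unix".
unix_type_counts() {
    unix_token_sigs | awk -F'[.]' 'tolower($1) == "unix" { n[$2]++ }
        END { for (t in n) print n[t], t }' | sort -k2
}

# Against a live database (path as given in the post):
#   sigtool --list-sigs /usr/local/share/clamav/daily.cld | unix_type_counts
echo "substring-only matches:"; sample_sigs | substring_only_sigs
echo "Unix signatures by type:"; sample_sigs | unix_type_counts
```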