[clamav-users] Silly question - clamav - linux viruses?

Dennis Peterson dennispe at inetnw.com
Thu Apr 17 15:26:49 UTC 2014


On 4/17/14, 8:13 AM, Alain Zidouemba wrote:
> ClamAV "does scan for linux viruses".
>
> If you install ClamAV, you can use the sigtool command to find signatures
> for unix-specific malware.
>
> Eg:
>> sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
> .
> .
> .
> Exploit.Shellcode.Unix-Gen-1
> Trojan.Plunix-1
> UNIX.Worm.Sorso
> UNIX.Exploit.CVE_2010_3301-1
> UNIX.Trojan.SSHDoor
> Unix.Backdoor.Cdorked
> Unix.Exploit.CVE_2014_1912-1
> Unix.Exploit.CVE_2014_1912
> Unix.Downloader.Agent
> UNIX.Exploit.CVE_2010_3301-2
> UNIX.Trojan.Snakso
> Unix.Exploit.Iosjailbreak
> Unix.Exploit.Fsheep
> Unix.Trojan.Hanthie-3
> Unix.Trojan.Hanthie-4
> Unix.Trojan.Ebury
> Unix.Trojan.Ebury-1
> Unix.Trojan.Ebury-2
> Unix.Trojan.Hanthie
> Unix.Trojan.Hanthie-1
> Unix.Trojan.Hanthie-2
> Win.Trojan.Gunix-1
> .
> .
> .
>
> Additionally, there are signatures for malware or exploits that can target
> multiple platforms. An example is the signature PHP.Shell-38 as gin(e)
> pointed out.
>
> - Alain
>
>
>
The above is evidence your product scans for Unix viruses. You surely know Linux 
is not Unix. Assuming SourceFire/Cisco doesn't distinguish between Linux and 
Unix, the list does not suggest which flavor of Linux or Unix might be included 
or if that is important. Would it be a fair assumption the signatures are 
architecture agnostic or are they Intel only? A reference to the complete 
documentation of target systems would be valuable.

dp
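
The `grep -i 'unix'` in the quoted command matches the substring anywhere in a signature name, so the listing mixes names that begin with a `UNIX.`/`Unix.` tag with names such as `Win.Trojan.Gunix-1`. The following is an added example, not part of either message, that groups the quoted names by their leading field; it assumes `sigtool --list-sigs` prints one name per line as shown above and that the first dot-separated field is the platform tag when one is present. The function names are hypothetical.

```shell
# Names copied from the listing quoted in the message above.
sample_sigs() {
cat <<'EOF'
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Exploit.CVE_2010_3301-1
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Exploit.CVE_2014_1912-1
Unix.Exploit.CVE_2014_1912
Unix.Downloader.Agent
UNIX.Exploit.CVE_2010_3301-2
UNIX.Trojan.Snakso
Unix.Exploit.Iosjailbreak
Unix.Exploit.Fsheep
Unix.Trojan.Hanthie-3
Unix.Trojan.Hanthie-4
Unix.Trojan.Ebury
Unix.Trojan.Ebury-1
Unix.Trojan.Ebury-2
Unix.Trojan.Hanthie
Unix.Trojan.Hanthie-1
Unix.Trojan.Hanthie-2
Win.Trojan.Gunix-1
EOF
}

# Count names per leading dot-separated field, case-folded so that
# "UNIX." and "Unix." land in the same bucket. Output: field<TAB>count.
tally_by_prefix() {
    awk -F'[.]' '{ n[tolower($1)]++ }
        END { for (p in n) printf "%s\t%d\n", p, n[p] }' | sort
}

# Print names that matched the substring but do not start with the Unix tag.
not_unix_prefixed() {
    awk -F'[.]' 'tolower($1) != "unix"'
}

# Against a live database (path as in the quoted message):
#   sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix' | tally_by_prefix
sample_sigs | tally_by_prefix
sample_sigs | not_unix_prefixed
```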
