[clamav-users] Silly question - clamav - linux viruses?

Shawn Webb swebb at sourcefire.com
Thu Apr 17 15:43:37 UTC 2014


In addition to many other file formats, ClamAV recognizes and scans ELF
files, the executable file format shared between Linux, BSD, and the other
Unixes. The alert name can vary, as Alain pointed out.


On Thu, Apr 17, 2014 at 11:26 AM, Dennis Peterson <dennispe at inetnw.com> wrote:

> On 4/17/14, 8:13 AM, Alain Zidouemba wrote:
>
>> ClamAV "does scan for linux viruses".
>>
>> If you install ClamAV, you can use the sigtool command to find signatures
>> for unix-specific malware.
>>
>> Eg:
>>
>>> sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
>>>
>> .
>> .
>> .
>> Exploit.Shellcode.Unix-Gen-1
>> Trojan.Plunix-1
>> UNIX.Worm.Sorso
>> UNIX.Exploit.CVE_2010_3301-1
>> UNIX.Trojan.SSHDoor
>> Unix.Backdoor.Cdorked
>> Unix.Exploit.CVE_2014_1912-1
>> Unix.Exploit.CVE_2014_1912
>> Unix.Downloader.Agent
>> UNIX.Exploit.CVE_2010_3301-2
>> UNIX.Trojan.Snakso
>> Unix.Exploit.Iosjailbreak
>> Unix.Exploit.Fsheep
>> Unix.Trojan.Hanthie-3
>> Unix.Trojan.Hanthie-4
>> Unix.Trojan.Ebury
>> Unix.Trojan.Ebury-1
>> Unix.Trojan.Ebury-2
>> Unix.Trojan.Hanthie
>> Unix.Trojan.Hanthie-1
>> Unix.Trojan.Hanthie-2
>> Win.Trojan.Gunix-1
>> .
>> .
>> .
>>
>> Additionally, there are signatures for malware or exploits that can target
>> multiple platforms. An example is the signature PHP.Shell-38 as gin(e)
>> pointed out.
>>
>> - Alain
>>
>>
>
> The above is evidence your product scans for Unix viruses. You surely
> know Linux is not Unix. Assuming SourceFire/Cisco doesn't distinguish
> between Linux and Unix, the list does not suggest which flavor of Linux or
> Unix might be included or if that is important. Would it be a fair
> assumption the signatures are architecture agnostic or are they Intel only?
> A reference to the complete documentation of target systems would be
> valuable.
>
> dp
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
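
Added example, not part of the original thread or of ClamAV itself: a shell sketch that splits the hits from the quoted `grep -i 'unix'` by their leading name component, since a substring match also returns names such as `Win.Trojan.Gunix-1`. It assumes the first dot-separated component is the platform label (true for most names in the quoted list, not all); the function names are hypothetical and the sample is a subset of that list.

```shell
#!/bin/sh
# Added example: break down `grep -i unix` hits by leading name component.
# Assumption: the first dot-separated component is the platform label.

# Sample names copied from the list quoted in the thread (a subset).
sample_sigs() {
cat <<'EOF'
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Trojan.Ebury
Win.Trojan.Gunix-1
EOF
}

# Names whose leading component is "unix" in any letter case.
unix_prefixed() {
    awk -F. 'tolower($1) == "unix"'
}

# Count of names per leading component, case-folded, sorted by label.
count_by_prefix() {
    awk -F. '{ n[tolower($1)]++ } END { for (p in n) print p, n[p] }' | sort
}

# Substring hits for "unix" whose leading component is something else.
substring_only() {
    grep -i 'unix' | awk -F. 'tolower($1) != "unix"'
}

# With a real database, pipe the sigtool listing in instead of the sample:
#   sigtool --list-sigs /usr/local/share/clamav/daily.cld | count_by_prefix
sample_sigs | count_by_prefix
sample_sigs | substring_only
```

The names printed by `substring_only` are the ones to review by hand: some are Unix-related under a different naming pattern, others only contain the letters "unix".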


