[clamav-users] Detection in windows but not Linux
Kurt Fitzner
kurt+clamav at va1der.ca
Sun Dec 13 02:25:56 UTC 2015
Hello,
I am trying to identify what kind of support is missing from a Linux
binary of ClamAV. I have a file that clamscan for Windows (from ClamWin)
is detecting as PHP.Shell-83, but where clamscan on Linux Debian won't
detect anything. Both are using the same engine version (0.98.7), and
while I know the ClamWin binaries are patched, even when both are
using the same signature database as downloaded from the Linux version
of freshclam I still get a detection in Windows but not Linux. I have
attempted to turn on all heuristics and optional scan methods, and yet
the Debian version won't detect anything in the file. All I can think of
is there is some sort of support not compiled into the Linux version.
The file is definitely malware - it was injected through a WordPress
vulnerability. I have a virus scan that runs hourly on my WordPress
folder just for that reason, but this one slipped through the cracks. I
want to find out what support is missing so it can be reported to the
Debian ClamAV package maintainers.
Thanks,
Kurt Fitzner