[clamav-users] Detection in windows but not Linux
Al Varnell
alvarnell at mac.com
Mon Dec 14 23:44:42 UTC 2015
No, it was the OP who did that. Check his last reply.
-Al-
On Dec 14, 2015, at 2:13 PM, Paul Kosinski <clamav at iment.com> wrote:
> Just a wild thought, but could the Linux version of ClamAV somehow be
> doing a "DOS to UNIX" processing on signatures as if they were ASCII,
> thus converting "0d0a" to "0a"?
>
>
> On Mon, 14 Dec 2015 12:00:01 -0500
> clamav-users-request at lists.clamav.net wrote:
>
>> Send clamav-users mailing list submissions to
>> clamav-users at lists.clamav.net
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> or, via email, send a message with subject or body 'help' to
>> clamav-users-request at lists.clamav.net
>>
>> You can reach the person managing the list at
>> clamav-users-owner at lists.clamav.net
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of clamav-users digest..."
>>
>>
>> Today's Topics:
>>
>> 1. Re: Detection in windows but not Linux (G.W. Haywood)
>> 2. Re: Detection in windows but not Linux (Kurt Fitzner)
>> 3. Re: Detection in windows but not Linux (Al Varnell)
>> 4. Re: Detection in windows but not Linux (Kurt Fitzner)
>> 5. Re: Detection in windows but not Linux (Al Varnell)
>> 6. Re: Detection in windows but not Linux (Kurt Fitzner)
>> 7. Re: Detection in windows but not Linux (Kurt Fitzner)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sun, 13 Dec 2015 17:42:32 +0000 (GMT)
>> From: "G.W. Haywood" <clamav at jubileegroup.co.uk>
>> To: clamav-users at lists.clamav.net
>> Subject: Re: [clamav-users] Detection in windows but not Linux
>> Message-ID:
>> <Pine.LNX.4.64.1512131740090.9868 at mail5.jubileegroup.co.uk>
>> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>>
>> Hi there,
>>
>> On Sun, 13 Dec 2015, Arnaud Jacques wrote:
>>
>>> For me PHP.Shell-83 is wrong. It contains 0d0a. It means it has
>>> been created with a non-normalized ascii file.
>>> I guess it should be corrected.
>>
>> In my current main.cld, 4636 of the approximately 2.4 million
>> signatures in the file contain the string "0d0a".
>>
>> Comments?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20151214/923af126/attachment.bin>
More information about the clamav-users
mailing list