[clamav-users] Clamav cannot detect a malware using a signature based on html comment

Arnaud Jacques / SecuriteInfo.com webmaster at securiteinfo.com
Tue Jan 26 06:54:54 EST 2016


Hello Steve,

> I've seen the same.... sometimes I've had to end up using type 0, instead
> of 3/4/7 which isn't ideal.

Even with filetype 0 this doesn't match :

# cat test.ndb
test:7:*:3c212d2d20546869732069732061206d616c77617265202d2d3e
test:7:*:3c212d2d20746869732069732061206d616c77617265202d2d3e
test:3:*:3c212d2d20546869732069732061206d616c77617265202d2d3e
test:3:*:3c212d2d20746869732069732061206d616c77617265202d2d3e
test:0:*:3c212d2d

# clamscan -d test.ndb test.html
test.html: OK

----------- SCAN SUMMARY -----------
Known viruses: 5
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)

-- 
Best regards,

Arnaud Jacques
SecuriteInfo.com

Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom



More information about the clamav-users mailing list