[clamav-users] Can ClamAV detect LKM rootkits?
Al Varnell
alvarnell at mac.com
Tue Dec 4 04:23:50 UTC 2018
ClamAV will detect all forms of malware on all platforms that it is aware of. Thousands of samples of existing malware are received by them daily from a variety of sources, none more valuable than users like you.
Please submit Adore-ng to <http://www.clamav.net/reports/malware>.
Sent from my iPad
-Al-
On Dec 3, 2018, at 19:32, zhuangxiaohui wrote:
> Hey guys,
>
> I've tested two types of rootkits with ClamAV.
> Adore-ng(kernel level) & Mafix(application level)
>
> Well, virus implanted by Mafix were completedly detected :
> /usr/bin/md5sum: Unix.Malware.Agent-6005569-0 FOUND
> /usr/bin/find: Win.Trojan.U-110 FOUND
> /usr/bin/pstree: Win.Trojan.Rootkit-5 FOUND
> /usr/bin/dir: Unix.Malware.Agent-1393952 FOUND
> /bin/ls: Unix.Malware.Agent-1393952 FOUND
> /sbin/ifconfig: Unix.Malware.Agent-1696070 FOUND
> /sbin/ttyload: Heuristics.Broken.Executable FOUND
> /sbin/ttymon: Win.Trojan.Linux-29 FOUND
>
> But when I tested with Adore-ng, nothing was detected.
> And then I tested it with ESET(one of anti-virus soft) and was detected.
> The virus name detected by ESET was "a variant of Linux/Rootkit.Adore.B
> Trojan"
>
> So I wonder can ClamAV detect LKM rootkits?
> Or would you mind to tell me where can I find the virus list that ClamAV can
> detected?
>
> Thank you,
> Zhuang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181203/14521b18/attachment.htm>
More information about the clamav-users
mailing list