[clamav-users] PDF Scanning

Arnaud Jacques webmaster at securiteinfo.com
Fri Apr 12 06:07:11 UTC 2019 

Hello David,

Yes it is the same for all OS. The ClamAV signatures directory is just 
at a different place. Find the location in your clamd.conf, ot set it if 
not set.


Le 11/04/2019 à 22:10, David Hendrick a écrit :
> Hi Arnaud,
>
> Thank you very much. Just a question, would this be the same on the 
> Windows port as we're running in Windows?
>
> Many thanks,
> David
>
> On Thu 11 Apr 2019, 19:35 Arnaud Jacques, <webmaster at securiteinfo.com 
> <mailto:webmaster at securiteinfo.com>> wrote:
>
>     David,
>
>     Here is an example :
>
>     Create a file pdf.ndb in your clamav signatures directory (usually
>     /var/lib/clamav/)
>     In this file put this :
>     testpdf:10:*:4f70656e416374696f6e*4a617661536372697074
>
>     Save the file, and restart Clamav.
>     Then clamdscan should detect the pdf with "OpenAction" and
>     "Javascript".
>
>     More information about creating signatures for Clamav at :
>     https://www.clamav.net/documents/creating-signatures-for-clamav
>
>
>     Le 11/04/2019 à 19:29, David Hendrick a écrit :
>     > Hi Arnaud,
>     > Could you explain how I do this? If this something I can add to
>     clamd.conf?
>     >
>     > Many thanks,
>     > David
>     >
>     > -----Original Message-----
>     > From: clamav-users <clamav-users-bounces at lists.clamav.net
>     <mailto:clamav-users-bounces at lists.clamav.net>> On Behalf Of
>     Arnaud Jacques
>     > Sent: Thursday 11 April 2019 18:27
>     > To: clamav-users at lists.clamav.net
>     <mailto:clamav-users at lists.clamav.net>
>     > Subject: Re: [clamav-users] PDF Scanning
>     >
>     > Hello David,
>     >
>     > Le 11/04/2019 à 19:20, David Hendrick a écrit :
>     >> Hi there,
>     >> Does anyone know if there's a way to have ClamAV detect PDF
>     files that
>     >> have items such as "OpenAction" or "JavaScript" or "JS"?
>     > You can do any detection using Clamav.
>     > *But* if you detect PDF containing "OpenAction" and "Javascript"
>     or "JS"
>     > you will have a lot of false positives.
>     >
>     > --
>     > Cordialement / Best regards,
>     >
>     > Arnaud Jacques
>     > Gérant de SecuriteInfo.com
>     >
>     > Téléphone : +33-(0)3.44.39.76.46
>     > E-mail : aj at securiteinfo.com <mailto:aj at securiteinfo.com>
>     > Site web : https://www.securiteinfo.com
>     > Facebook :
>     https://www.facebook.com/pages/SecuriteInfocom/132872523492286
>     > Twitter : @SecuriteInfoCom
>     >
>     > Securiteinfo.com
>     > La Sécurité Informatique - La Sécurité des Informations.
>     > 266, rue de Villers
>     > 60123 Bonneuil en Valois
>     >
>     >
>     > _______________________________________________
>     >
>     > clamav-users mailing list
>     > clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     > https://lists.clamav.net/mailman/listinfo/clamav-users
>     >
>     >
>     > Help us build a comprehensive ClamAV guide:
>     > https://github.com/vrtadmin/clamav-faq
>     >
>     > http://www.clamav.net/contact.html#ml
>     >
>     >
>     > _______________________________________________
>     >
>     > clamav-users mailing list
>     > clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     > https://lists.clamav.net/mailman/listinfo/clamav-users
>     >
>     >
>     > Help us build a comprehensive ClamAV guide:
>     > https://github.com/vrtadmin/clamav-faq
>     >
>     > http://www.clamav.net/contact.html#ml
>
>     -- 
>     Cordialement / Best regards,
>
>     Arnaud Jacques
>     Gérant de SecuriteInfo.com
>
>     Téléphone : +33-(0)3.44.39.76.46
>     E-mail : aj at securiteinfo.com <mailto:aj at securiteinfo.com>
>     Site web : https://www.securiteinfo.com
>     Facebook :
>     https://www.facebook.com/pages/SecuriteInfocom/132872523492286
>     Twitter : @SecuriteInfoCom
>
>     Securiteinfo.com
>     La Sécurité Informatique - La Sécurité des Informations.
>     266, rue de Villers
>     60123 Bonneuil en Valois
>
>
>     _______________________________________________
>
>     clamav-users mailing list
>     clamav-users at lists.clamav.net <mailto:clamav-users at lists.clamav.net>
>     https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
>     Help us build a comprehensive ClamAV guide:
>     https://github.com/vrtadmin/clamav-faq
>
>     http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

-- 
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : aj at securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190412/cf46c118/attachment.htm>

More information about the clamav-users mailing list