[clamav-users] Question regarding Metasploit signatures
Manna, Mohammed
mohammed.manna at sap.com
Fri Aug 30 22:38:11 UTC 2019
Hello,
What I can see that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom). And also, if the file is covered using a pseudo extension e.g. test.exe.txt
When I was comparing this on virustotal.com ClamAV seems to be missing quite a lot of them. Is there any reason why ClamAV doesn't do a more extensive search? Reverse shell or bind shell both are sensitive files and I was expecting ClamAV to be detecting them somehow.
Could someone clarify? Also, if this is mentioned anywhere in the docs, I would be grateful if you please point me to that.
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190830/0414623b/attachment.htm>
More information about the clamav-users
mailing list