[clamav-users] Question regarding Metasploit signatures

Manna, Mohammed mohammed.manna at sap.com
Fri Aug 30 18:38:11 EDT 2019


Hello,

What I can see is that ClamAV cannot always successfully detect reverse shell type files (built using Metasploit msfvenom), and also if the file is covered using a pseudo extension, e.g. test.exe.txt.

When I was comparing this on virustotal.com, ClamAV seems to be missing quite a lot of them. Is there any reason why ClamAV doesn't do a more extensive search? Reverse shell or bind shell both are sensitive files and I was expecting ClamAV to be detecting them somehow.

Could someone clarify? Also, if this is mentioned anywhere in the docs, I would be grateful if you could please point me to that.


Thanks,
