[clamav-users] Question regarding Metasploit signatures
mohammed.manna at sap.com
Fri Aug 30 18:38:11 EDT 2019
What I can see that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom). And also, if the file is covered using a pseudo extension e.g. test.exe.txt
When I was comparing this on virustotal.com ClamAV seems to be missing quite a lot of them. Is there any reason why ClamAV doesn't do a more extensive search? Reverse shell or bind shell both are sensitive files and I was expecting ClamAV to be detecting them somehow.
Could someone clarify? Also, if this is mentioned anywhere in the docs, I would be grateful if you please point me to that.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clamav-users