On Thu 11 Apr 2019, 19:35 Arnaud Jacques, <webmaster@securiteinfo.com> wrote:

David,

Here is an example :

Create a file pdf.ndb in your clamav signatures directory (usually
/var/lib/clamav/)
In this file put this :
testpdf:10:*:4f70656e416374696f6e*4a617661536372697074

Save the file, and restart Clamav.
Then clamdscan should detect the pdf with "OpenAction" and "Javascript".

More information about creating signatures for Clamav at :
https://www.clamav.net/documents/creating-signatures-for-clamav

Le 11/04/2019 à 19:29, David Hendrick a écrit :
> Hi Arnaud,
> Could you explain how I do this? If this something I can add to clamd.conf?
>
> Many thanks,
> David
>
> -----Original Message-----
> From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Arnaud Jacques
> Sent: Thursday 11 April 2019 18:27
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] PDF Scanning
>
> Hello David,
>
> Le 11/04/2019 à 19:20, David Hendrick a écrit :
>> Hi there,
>> Does anyone know if there's a way to have ClamAV detect PDF files that
>> have items such as "OpenAction" or "JavaScript" or "JS"?
> You can do any detection using Clamav.
> *But* if you detect PDF containing "OpenAction" and "Javascript" or "JS"
> you will have a lot of false positives.
>
> --
> Cordialement / Best regards,
>
> Arnaud Jacques
> Gérant de SecuriteInfo.com
>
> Téléphone : +33-(0)3.44.39.76.46
> E-mail : aj@securiteinfo.com
> Site web : https://www.securiteinfo.com
> Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
> Twitter : @SecuriteInfoCom
>
> Securiteinfo.com
> La Sécurité Informatique - La Sécurité des Informations.
> 266, rue de Villers
> 60123 Bonneuil en Valois
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : aj@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml