Hello,

 

What I can see is that ClamAV cannot always successfully detect reverse shell type of files (built using Metasploit msfvenom), and also if the file is covered using a pseudo extension, e.g. test.exe.txt.

When I was comparing this on virustotal.com, ClamAV seems to be missing quite a lot of them. Is there any reason why ClamAV doesn't do a more extensive search? Reverse shells and bind shells are both sensitive files, and I was expecting ClamAV to be detecting them somehow.

Could someone clarify? Also, if this is mentioned anywhere in the docs, I would be grateful if you could please point me to that.

 


Thanks,