Clam open source unix antivirus scanner development

Julien Reveret | 15 Feb 2011 09:20

clamscan can't detect malware inside a debian package

Hello,

I've made a few tests lately to embed malwares inside UNIX packages like
RPM or DEB packages. Once done, I scanned the packages with many
anti-virus products to check their efficiency.

Concerning clamav, there was no problem finding malware embedded into a
RPM package. Nevertheless clamscan was unable to detect a known malware
(the C99 PHP Backdoor) added to a preinst or postinst file.

Should I report this as a bug ?

Regards

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Török Edwin | 15 Feb 2011 14:42

Re: clamscan can't detect malware inside a debian package

On 2011-02-15 10:20, Julien Reveret wrote:
> Hello,
> 
> I've made a few tests lately to embed malwares inside UNIX packages like
> RPM or DEB packages. Once done, I scanned the packages with many
> anti-virus products to check their efficiency.
> 
> Concerning clamav, there was no problem finding malware embedded into a
> RPM package. Nevertheless clamscan was unable to detect a known malware
> (the C99 PHP Backdoor) added to a preinst or postinst file.
> 
> Should I report this as a bug ?

Just published bytecode.cvd version 138, is the .deb detected now?

(Run freshclam, make sure you get bytecode.cvd 138, and that you run
0.96.4+)

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Renato Botelho | 23 Feb 2011 13:09

Picon

Clamav 0.97 doesn't recognize old database

Hi guys,

A FreeBSD user reported a problem when he upgraded to 0.97
as you can see at [1]. Does it make any sense for you?

Thanks

[1] - http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/154608
--

-- 
Renato Botelho
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Török Edwin | 23 Feb 2011 13:12

Picon

Re: Clamav 0.97 doesn't recognize old database

On 2011-02-23 14:09, Renato Botelho wrote:
> Hi guys,
> 
> A FreeBSD user reported a problem when he upgraded to 0.97
> as you can see at [1]. Does it make any sense for you?
> 

This has been reported on -users already, one of the 3rdparty signatures
is invalid:  it uses a size of 0 for an MD5 signature.
The fix is to remove the offending line from the 3rdparty DB.

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Ibrahim Harrani | 24 Feb 2011 14:35

Picon

old FreeBSD threat patch

Hi,

There is a patch for clamav on FreeBSD at the following url.
http://www.mail-archive.com/clamav-devel <at> lists.clamav.net/msg02775.html

It seems that this patch was created for FreeBSD 6.X.
Do you think that this patch should be applied to FreeBSD 8.X also?

Thanks.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

David F. Skoll | 28 Feb 2011 15:47

QA request: Please test signature DBs against 0.95 and later

Hi,

Referring to threads at:
http://lurker.clamav.net/thread/20110228.124343.f4b93b47.en.html#20110228.124343.f4b93b47
http://lurker.clamav.net/thread/20110210.215042.63ffc4bc.en.html#20110210.215042.63ffc4bc

and especially:
http://lurker.clamav.net/message/20110211.235527.4079e33f.en.html

which quotes:

> 3-4 days after v0.97 is released, v0.95 is considered obsolete and
> no longer worth testing databases for. 

Is that really true?  Is it actually infeasible to test signature
updates against all versions of ClamAV from v0.95 on?  I don't know
which SCM system you use, but it seems to me a pre-commit hook that
validates signatures before allowing the commit shouldn't be that hard
to create.

I was a little upset by the forced-obsolescence of 0.94.x, but at
least we had plenty of warning.  The surprise de-facto obsolescence
of 0.95 with no warning at all is not so much fun...

Regards,

David.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

(Continue reading)

Group

gmane.comp.security.virus.clamav.devel.

Advertisement

Project Web Page

Clam open source unix antivirus scanner development

Search Archive

Page

1

Articles in period: 6

February 2011

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

Problems for getting start working on ClamAV project (12 Jun 2013)
[PATCH] zlib detection for autofoo (10 Jun 2013)
Problem in Getting GUI. (8 Jun 2013)
Resolve: LibClamAV Error: cl_load(): Can't get file status. (7 Jun 2013)
Problem in start working on ClamAV project. (7 Jun 2013)
Contribution: libclamav.dll + Python (22 May 2013)
clamav-devel Digest, Vol 100, Issue 6 (23 Mar 2013)
Does clamav work with hex or characters? (23 Mar 2013)
New Version of ClamAV (22 Mar 2013)
New Version of ClamAV (20 Mar 2013)
ClamAV 0.97.7 has been released! (19 Mar 2013)
Contribute signatures (17 Mar 2013)
ClamAV 0.97.7 has been released! (16 Mar 2013)
ClamAV 0.97.7 has been released! (16 Mar 2013)
ClamAV 0.97.7 has been released! (15 Mar 2013)
smaller db ? (25 Feb 2013)
JIT code generation on Windows x64 / MSVC (9 Jan 2013)
New Contributor - Loïc Maury (28 Dec 2012)
Contribution. (10 Nov 2012)
Placebo - A ClamAV Central Management Toolkit (18 Oct 2012)
Interesting Project for a 6-month Internship (12 Sep 2012)

Archives

14	June 2013
2	May 2013
25	March 2013
6	February 2013
5	January 2013
2	December 2012
2	November 2012
1	October 2012
3	September 2012
9	August 2012
2	July 2012
1	June 2012
3	May 2012
27	April 2012
4	March 2012
24	February 2012
7	January 2012
15	December 2011
12	October 2011
7	September 2011
6	August 2011
22	July 2011
11	June 2011
5	May 2011
5	March 2011
6	February 2011
7	January 2011
12	December 2010
7	November 2010
17	October 2010
15	September 2010
16	August 2010
5	July 2010
16	June 2010
23	May 2010
95	April 2010
54	March 2010
13	January 2010
27	December 2009
8	November 2009
1	October 2009
7	September 2009
5	August 2009
6	July 2009
6	June 2009
14	May 2009
9	April 2009
46	March 2009
8	February 2009
15	January 2009
42	December 2008
17	November 2008
5	October 2008
5	September 2008
31	August 2008
10	July 2008
10	June 2008
13	May 2008
15	April 2008
15	March 2008
9	February 2008
9	January 2008
30	December 2007
22	November 2007
18	October 2007
12	September 2007
4	August 2007
3	July 2007
24	June 2007
26	May 2007
18	April 2007
75	March 2007
52	February 2007
20	January 2007
15	December 2006
36	November 2006
43	October 2006
61	September 2006
9	August 2006
20	July 2006
33	June 2006
39	May 2006
42	April 2006
40	March 2006
12	February 2006
75	January 2006
26	December 2005
39	November 2005
22	October 2005
18	September 2005
26	August 2005
52	July 2005
58	June 2005
89	May 2005
67	April 2005
122	March 2005
124	February 2005
102	January 2005
82	December 2004
83	November 2004
103	October 2004
54	September 2004
56	August 2004
64	July 2004
79	June 2004
58	May 2004
106	April 2004
145	March 2004
80	February 2004
39	January 2004
53	December 2003
82	November 2003
39	October 2003
137	September 2003
70	August 2003
2	July 2003
1	March 2003

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template