One of the triggers for the BC.Exploit.Andr bytecode is the zip file magic at offset 0. If you are using --leave-temps, the inner files are extracted, but the zip file magic is lost.
On Fri, Oct 16, 2015 at 7:51 AM, Sujit Nandan <su...@innovaidesystems.com> wrote:
> Hi Everybody,
>
> I want to know how clam creates a signature for an infected Android APK. Right
> now we are totally in the dark. Clam has determined an APK as infected with
> malware, but when we run clamscan on the extracted content from that APK it is
> not able to detect any malware. Can anybody brief me on the steps for how
> the signature is created, or what the proper way is to scan an APK on
> Android?
>
> Regards,
> Sujit
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
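To make the reply's point concrete, here is an added example (not code from the thread or from ClamAV) that builds a constructed, minimal APK-like zip in memory, checks the zip local-file-header magic at offset 0 of the container, and then checks the same magic on each member after extraction. The member names and contents are made up; the magic bytes are the standard zip local file header signature. It shows why a bytecode signature that triggers on the container's zip magic fires on the APK itself but cannot fire on the individual files left behind by --leave-temps.

```python
import io
import zipfile

# Standard zip local file header signature (0x04034b50, little-endian).
# A non-empty zip or APK starts with these bytes at offset 0.
ZIP_MAGIC = b"PK\x03\x04"


def has_zip_magic(data: bytes) -> bool:
    """True if the buffer starts with the zip local file header magic."""
    return data[:4] == ZIP_MAGIC


def build_sample_apk() -> bytes:
    """Constructed APK-like zip for demonstration; not a real APK and not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")          # constructed content
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)  # constructed content
    return buf.getvalue()


def magic_report(container: bytes) -> dict:
    """Compare the container against its extracted members.

    Mirrors what happens with --leave-temps: the container is the original
    APK, the members are the inner files a user might re-scan separately.
    """
    report = {"container": has_zip_magic(container)}
    with zipfile.ZipFile(io.BytesIO(container)) as zf:
        for name in zf.namelist():
            # Each member is the raw inner file; it carries no zip header.
            report[name] = has_zip_magic(zf.read(name))
    return report


if __name__ == "__main__":
    for name, matched in magic_report(build_sample_apk()).items():
        print(f"{name:22s} zip magic at offset 0: {matched}")
```

Running this shows the container matching and every extracted member not matching, which is the situation Sujit describes: scanning the whole APK with clamscan lets the container-level trigger fire, while scanning the unpacked files does not.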