Hi Steven, We found the infected apk from http://contagiodump.blogspot.in/2011/03/take-sample-leave-sample-mobile-malware.html http://www.mediafire.com/download/a31f86dzejilwea/026_capture-site.com_ocjp.zip is the zip file which contains an apk with the name btm.apk which is our concerned apk.
Query in my mind right now is that whether we need to extract the content of the apk before sending for scan with clam or does it extract internally. Thanks a lot for your quick response. Regards, Sujit On Fri, Oct 16, 2015 at 9:41 PM, Steven Morgan <smor...@sourcefire.com> wrote: > One of the triggers for the BC.Exploit.Andr bytecode is the zip file magic > at offset 0. If you are using --leave-temps, the inner files are extracted, > but the zip file magic is lost. > > On Fri, Oct 16, 2015 at 7:51 AM, Sujit Nandan <su...@innovaidesystems.com> > wrote: > > > Hi Everybody, > > > > I want to know how clam creates signature with infected android APK. > Right > > now we are totally in dark. Clam has determined an APK as infected with > > malware but when we run clamscan on extracted content from that APK it is > > not able to detect any malware. Can anybody brief me the steps about how > > the signature is created or what is the proper way to scan an APK in > > android. > > > > Regards, > > Sujit > > _______________________________________________ > > http://lurker.clamav.net/list/clamav-devel.html > > Please submit your patches to our Bugzilla: http://bugs.clamav.net > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > > http://www.clamav.net/contact.html#ml > _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net http://www.clamav.net/contact.html#ml
