Adam Stephens wrote: > The other day we got mailed a wave of PDF files aimed at exploiting > CVE-2009-0658. > > Does anyone have working generic signatures for documents with this > exploit in? I've made an MD5 signature* for the particular document we > got, & submitted it, but I know there are plenty of other similar > documents out there... and I can't see how to make a generic signature > myself without unpacking the PDFs with pdftk first. > > Cheers, > Adam. > > * That's c8cab28e550f60468099f60a0b6ccb81 > I think that core clamav should be changed for better pdf support in order to catch all different ways it can be disguised.
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
