you are right, I know this is not a virus and an ips is the better option for this, but there are also some infected files in the wild, e.g. avira will detect them as:
HTML/Shellcode.Gen HTML/RCE.Gen HTML/Silly.Gen Still the open question: How to search for a 'string' in the db to see which signature can detect what? Best Sven On Wed, 2009-07-08 at 14:02 -0700, Michael Orlitzky wrote: > Sven Wurth wrote: > > clamav-users, > > > > were can I get information if clamav has patterns against the new > > ActiveX MS 972890? > > ClamAV scans for infections (viruses, malware, etc.), not > vulnerabilities. From what I understand, if you use the ActiveX video > control (pre-Vista/2008), then you are vulnerable to the attack > described in that bulletin: > > http://www.microsoft.com/technet/security/advisory/972890.mspx > > Now, if someone exploits that vulnerability to infect one of your > machines, then it makes sense to ask the question, "Will ClamAV detect > this infection?" > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > http://www.clamav.net/support/ml > > -- ------------------------------------------------------- Sven Wurth <swu...@astaro.com> Security Software Researcher Astaro AG | www.astaro.com Phone +49-721-25516-0 | Fax -200 An der Raumfabrik 33a 76227 Karlsruhe | Germany Key ID: 0xAF6B4719 key-fp: 3194 3CC7 A2BC 4B4D 9976 6C20 90E5 6A53 AF6B -------------------------------------------------------
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
