On Fri, Sep 14, 2012 at 1:36 AM, gaurav singh <gaurav.the.iiit...@gmail.com> wrote:

> I have clamav with latest virus database on Ubuntu.
> When I try to scan a .exe file which is basically a trojan (detected by
> other anti-virus on Windows), it just passes as OK.
>
> Message with clamscan --debug logs following :
>
> ...
> LibClamAV debug: Ignoring signature Exploit.PDF-20301
> LibClamAV debug: main.hdb loaded
> LibClamAV debug: Ignoring signature Worm.Sohanad-8
> LibClamAV debug: Ignoring signature Adware.WhenU-6
> LibClamAV debug: hashtab.c:Growing hashtable 0xb6e6ec70, because it has exceeded maxfill, old size:16384
> LibClamAV debug: hashtab.c: new capacity: 32768
> LibClamAV debug: Table 0xb6e6ec70 size after grow:32768
> LibClamAV debug: Ignoring signature Trojan.Fakedoc-2
> LibClamAV debug: Ignoring signature Trojan.Dropper-5055
> LibClamAV debug: hashtab.c:Growing hashtable 0xb6e6ec70, because it has exceeded maxfill, old size:32768
> LibClamAV debug: hashtab.c: new capacity: 65536
> LibClamAV debug: Table 0xb6e6ec70 size after grow:65536
> LibClamAV debug: Ignoring signature Trojan.Dropper-6931
> LibClamAV debug: Ignoring signature Trojan.Agent-28377
> LibClamAV debug: Ignoring signature Trojan.Dopper
> LibClamAV debug: Ignoring signature Trojan.Dropper-10500
> LibClamAV debug: Ignoring signature Trojan.SdBot-9715
> LibClamAV debug: Ignoring signature Trojan.Dropper-18547
> LibClamAV debug: Ignoring signature Trojan.Agent-98408
> LibClamAV debug: Ignoring signature Trojan.Agent-118736
> ...
>
> Maybe it is ignoring signatures that's why it is not detecting virus.
> Please help.
>
> Thanks
> Gaurav Singh
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

The important part of the logs would be closer to the bottom where it is scanning the file. This log section is from engine initialization and signature loading. The ignored signatures within the CVD files are intentional and end up replaced by other more accurate signatures. That should not be the issue.

If you come across malware that is not being detected you can send it to our team of sigmakers. You can find details online by going to http://www.clamav.net/ and clicking on the "Submit a file" link. Submissions help us improve detections.

Thanks,

Dave R.

-- 
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com
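Added example (not part of the original thread and not ClamAV project code): a shell filter that drops the engine-initialization and signature-loading lines described in the reply, so that what remains of `clamscan --debug` output is the part printed while the file is scanned. The load-phase patterns are taken from the log quoted above; the last two sample lines and the file name suspect.exe are constructed placeholders.

```shell
#!/bin/sh
# Usage (suspect.exe is a hypothetical file name):
#   clamscan --debug suspect.exe 2>&1 | scan_phase

# Constructed sample: the first six lines are copied from the quoted log,
# the last two stand in for whatever the engine prints during the scan.
sample_log() {
cat <<'EOF'
LibClamAV debug: Ignoring signature Exploit.PDF-20301
LibClamAV debug: main.hdb loaded
LibClamAV debug: hashtab.c:Growing hashtable 0xb6e6ec70, because it has exceeded maxfill, old size:16384
LibClamAV debug: hashtab.c: new capacity: 32768
LibClamAV debug: Table 0xb6e6ec70 size after grow:32768
LibClamAV debug: Ignoring signature Trojan.Fakedoc-2
LibClamAV debug: <constructed scan-phase line 1>
LibClamAV debug: <constructed scan-phase line 2>
EOF
}

# Print every line that is NOT database-loading chatter.
scan_phase() {
  awk '
    /^LibClamAV debug: Ignoring signature /                { next }
    /^LibClamAV debug: hashtab\.c:/                        { next }
    /^LibClamAV debug: Table 0x[0-9a-f]+ size after grow:/ { next }
    /^LibClamAV debug: [^ ]+ loaded$/                      { next }
    { print }
  '
}

# Count the signatures reported as ignored at load time (prints 0 if none).
ignored_count() {
  awk '/^LibClamAV debug: Ignoring signature /{ n++ } END { print n + 0 }'
}

# List the ignored signature names, one per line, sorted and de-duplicated.
ignored_names() {
  sed -n 's/^LibClamAV debug: Ignoring signature //p' | sort -u
}

# Stand-alone demonstration on the constructed sample.
sample_log | scan_phase
```

If `scan_phase` prints nothing for a real run, the capture was cut off before the scan started, which is the situation with the excerpt posted in this thread.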