Although I have successfully submitted the file to sigmaker through the web interface at http://www.clamav.net/, this was successfully detected as a w32.generic.trojan virus using Immunet 3.0 (which is based on the ClamAV engine) on Windows.
Also, I have attached the complete log.
Please help.

Thanks
Gaurav Singh

On Fri, Sep 14, 2012 at 7:20 PM, David Raynor <dray...@sourcefire.com> wrote:

> On Fri, Sep 14, 2012 at 1:36 AM, gaurav singh
> <gaurav.the.iiit...@gmail.com> wrote:
>
> > I have clamav with latest virus database on Ubuntu.
> > When I try to scan a .exe file which is basically a trojan (detected by
> > other anti-virus on Windows), it just passes as OK.
> >
> > Message with clamscan --debug logs following :
> >
> > ...
> > LibClamAV debug: Ignoring signature Exploit.PDF-20301
> > LibClamAV debug: main.hdb loaded
> > LibClamAV debug: Ignoring signature Worm.Sohanad-8
> > LibClamAV debug: Ignoring signature Adware.WhenU-6
> > LibClamAV debug: hashtab.c:Growing hashtable 0xb6e6ec70, because it has
> > exceeded maxfill, old size:16384
> > LibClamAV debug: hashtab.c: new capacity: 32768
> > LibClamAV debug: Table 0xb6e6ec70 size after grow:32768
> > LibClamAV debug: Ignoring signature Trojan.Fakedoc-2
> > LibClamAV debug: Ignoring signature Trojan.Dropper-5055
> > LibClamAV debug: hashtab.c:Growing hashtable 0xb6e6ec70, because it has
> > exceeded maxfill, old size:32768
> > LibClamAV debug: hashtab.c: new capacity: 65536
> > LibClamAV debug: Table 0xb6e6ec70 size after grow:65536
> > LibClamAV debug: Ignoring signature Trojan.Dropper-6931
> > LibClamAV debug: Ignoring signature Trojan.Agent-28377
> > LibClamAV debug: Ignoring signature Trojan.Dopper
> > LibClamAV debug: Ignoring signature Trojan.Dropper-10500
> > LibClamAV debug: Ignoring signature Trojan.SdBot-9715
> > LibClamAV debug: Ignoring signature Trojan.Dropper-18547
> > LibClamAV debug: Ignoring signature Trojan.Agent-98408
> > LibClamAV debug: Ignoring signature Trojan.Agent-118736
> > ...
> >
> > Maybe it is ignoring signatures that's why it is not detecting virus.
> > Please help.
> >
> > Thanks
> > Gaurav Singh
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> > http://www.clamav.net/support/ml
>
> The important part of the logs would be closer to the bottom where it is
> scanning the file. This log section is from engine initialization and
> signature loading. The ignored signatures within the CVD files are
> intentional and end up replaced by other more accurate signatures. That
> should not be the issue.
>
> If you come across malware that is not being detected you can send it to
> our team of sigmakers. You can find details online by going to
> http://www.clamav.net/ and clicking on the "Submit a file" link.
> Submissions help us improve detections.
>
> Thanks,
>
> Dave R.
>
> --
> ---
> Dave Raynor
> Sourcefire Vulnerability Research Team
> dray...@sourcefire.com