On 4/17/14, 8:13 AM, Alain Zidouemba wrote:
ClamAV "does scan for linux viruses".
If you install ClamAV, you can use the sigtool command to find signatures
for unix-specific malware.
E.g.:
sigtool --list-sigs /usr/local/share/clamav/daily.cld | grep -i 'unix'
.
.
.
Exploit.Shellcode.Unix-Gen-1
Trojan.Plunix-1
UNIX.Worm.Sorso
UNIX.Exploit.CVE_2010_3301-1
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Exploit.CVE_2014_1912-1
Unix.Exploit.CVE_2014_1912
Unix.Downloader.Agent
UNIX.Exploit.CVE_2010_3301-2
UNIX.Trojan.Snakso
Unix.Exploit.Iosjailbreak
Unix.Exploit.Fsheep
Unix.Trojan.Hanthie-3
Unix.Trojan.Hanthie-4
Unix.Trojan.Ebury
Unix.Trojan.Ebury-1
Unix.Trojan.Ebury-2
Unix.Trojan.Hanthie
Unix.Trojan.Hanthie-1
Unix.Trojan.Hanthie-2
Win.Trojan.Gunix-1
.
.
.
Additionally, there are signatures for malware or exploits that can target
multiple platforms. An example is the signature PHP.Shell-38 as gin(e)
pointed out.
- Alain
The above is evidence your product scans for Unix viruses. You surely know Linux
is not Unix. Assuming SourceFire/Cisco doesn't distinguish between Linux and
Unix, the list does not suggest which flavor of Linux or Unix might be included
or if that is important. Would it be a fair assumption the signatures are
architecture agnostic or are they Intel only? A reference to the complete
documentation of target systems would be valuable.
dp
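As an added example (not code from the thread, from Sourcefire or from the ClamAV project), here is a small parser that answers part of dp's question from the signature names themselves: it assumes ClamAV's Platform.Category.Name[-Variant] naming convention, treats the leading platform token case-insensitively (the listing mixes "UNIX" and "Unix"), and shows that Alain's `grep -i unix` also picks up names that merely contain the string, such as the Windows trojan Gunix. The KNOWN_PLATFORMS set and the sample listing are assumptions constructed for the example.

```python
import re
import subprocess
import sys
from collections import Counter

# Added example, not ClamAV's code. Assumes the naming convention
# Platform.Category.Name[-Variant]; the platform token is case-insensitive,
# since the listing in the thread mixes "UNIX" and "Unix".
# Constructed sample: names from the thread plus two that `grep -i unix`
# matches although they are not Unix-platform signatures (an older
# Exploit.* name and a Windows trojan named Gunix).
SAMPLE_LISTING = """\
Exploit.Shellcode.Unix-Gen-1
UNIX.Worm.Sorso
UNIX.Trojan.SSHDoor
Unix.Backdoor.Cdorked
Unix.Trojan.Ebury-1
Win.Trojan.Gunix-1
PHP.Shell-38
"""

SIG_RE = re.compile(r"^(?P<platform>[^.]+)\.(?P<rest>.+)$")
# Platform tokens that lead ClamAV names (assumed, partial list).
KNOWN_PLATFORMS = {"unix", "win", "osx", "php", "html", "js", "pdf", "andr"}

def parse_signature(sig):
    """Return (platform, rest); platform is None for names that do not
    start with a known platform token."""
    m = SIG_RE.match(sig.strip())
    if not m:
        return None, sig.strip()
    plat = m.group("platform").lower()
    return (plat if plat in KNOWN_PLATFORMS else None), m.group("rest")

def platform_counts(listing):
    """Signatures per platform token; the None bucket holds unprefixed names."""
    return Counter(parse_signature(s)[0] for s in listing.splitlines() if s.strip())

def unix_signatures(listing):
    """Names whose platform token is Unix (stricter than `grep -i unix`)."""
    return [s.strip() for s in listing.splitlines() if parse_signature(s)[0] == "unix"]

def grep_unix(listing):
    """What `grep -i unix` returns on the same listing, for comparison."""
    return [s.strip() for s in listing.splitlines() if "unix" in s.lower()]

if __name__ == "__main__":  # pass a .cld/.cvd path to read real names via sigtool
    listing = (subprocess.run(["sigtool", "--list-sigs", sys.argv[1]], capture_output=True,
                              text=True, check=True).stdout if len(sys.argv) > 1 else SAMPLE_LISTING)
    print(dict(platform_counts(listing)), sorted(set(grep_unix(listing)) - set(unix_signatures(listing))))
```

Run without arguments it works on the embedded sample; with the path to daily.cld it pipes the real listing through the same classifier. Note that the platform token says nothing about CPU architecture, which is the other half of dp's question and is not encoded in the name.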
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml