Hi Guys, I am testing clamav in my local system to detect POST data's from network. I am newbie in ClamAv and want to test with real time signatures.
I tested with Eicher Test Signature and it works fine. *But ClamAv is unable to detect CVE-2009-4324 with pdf.* I see signature is present in daily.cld and if extracted its present in daily.ldb. Gmail able to detect same pdf as virus. Any help on what wrong in my ClamAv system and to fix it. $ clamscan ~/anti/eicar.com.txt */home/pk/anti/eicar.com.txt: Eicar-Test-Signature FOUND* ----------- SCAN SUMMARY ----------- Known viruses: 3898123 Engine version: 0.98.6 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 6.480 sec (0 m 6 s) <--------------- took 6sec to detect normal virus $ clamscan ~/anti_new/virus/exploit.pdf */home/pk/anti_new/virus/exploit.pdf: OK* ----------- SCAN SUMMARY ----------- Known viruses: 3898123 Engine version: 0.98.6 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 8.100 sec (0 m 8 s) I generated above virus using this link - http://www.decalage.info/exefilter_pdf_exploits I really want to learn ClamAv virus detection and try to enhance it. Thanks --PK _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
