Hi Guys,

Still waiting for an answer.

On Thu, Jul 23, 2015 at 8:21 PM, P K <pkopen...@gmail.com> wrote:

> Hi Guys,
>
> I am testing ClamAV on my local system to detect POST data from the network.
> I am a newbie to ClamAV and want to test with real-time signatures.
>
> I tested with the Eicar Test Signature and it works fine.
>
> *But ClamAV is unable to detect CVE-2009-4324 with a PDF.*
>
> I see the signature is present in daily.cld and, if extracted, it's present in
> daily.ldb.
> Gmail is able to detect the same PDF as a virus.
>
> Any help on what is wrong in my ClamAV system and how to fix it?
>
> $ clamscan ~/anti/eicar.com.txt
> */home/pk/anti/eicar.com.txt: Eicar-Test-Signature FOUND*
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 3898123
> Engine version: 0.98.6
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 6.480 sec (0 m 6 s)    <--------------- took 6sec to detect normal
> virus
>
> $ clamscan ~/anti_new/virus/exploit.pdf
>
> */home/pk/anti_new/virus/exploit.pdf: OK*
> ----------- SCAN SUMMARY -----------
> Known viruses: 3898123
> Engine version: 0.98.6
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 8.100 sec (0 m 8 s)
>
> I generated the above virus using this link -
> http://www.decalage.info/exefilter_pdf_exploits
>
> I really want to learn ClamAV virus detection and try to enhance it.
>
> Thanks
> --PK
>
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml