Hello, 

I am trying to identify what kind of support is missing from a Linux
binary of ClamAV. I have a file that clamscan for Windows (from ClamWin)
is detecting as PHP.Shell-83, but clamscan on Linux Debian won't
detect anything. Both are using the same engine version (0.98.7), and
while I know the ClamWin binaries are patched, even when both are
using the same signature database as downloaded from the Linux version
of freshclam I still get a detection in Windows but not Linux. I have
attempted to turn on all heuristics and optional scan methods, and yet
the Debian version won't detect anything in the file. All I can think of
is there is some sort of support not compiled into the Linux version.

The file is definitely malware - it was injected through a WordPress
vulnerability. I have a virus scan that runs hourly on my WordPress
folder just for that reason, but this one slipped through the cracks. I
want to find out what support is missing so it can be reported to the
Debian ClamAV package maintainers.

Thanks, 

 Kurt Fitzner 

 