Just a wild thought, but could the Linux version of ClamAV somehow be doing a "DOS to UNIX" processing on signatures as if they were ASCII, thus converting "0d0a" to "0a"?
On Mon, 14 Dec 2015 12:00:01 -0500 clamav-users-requ...@lists.clamav.net wrote:
> Today's Topics:
>
>    1. Re: Detection in windows but not Linux (G.W. Haywood)
>    2. Re: Detection in windows but not Linux (Kurt Fitzner)
>    3. Re: Detection in windows but not Linux (Al Varnell)
>    4. Re: Detection in windows but not Linux (Kurt Fitzner)
>    5. Re: Detection in windows but not Linux (Al Varnell)
>    6. Re: Detection in windows but not Linux (Kurt Fitzner)
>    7. Re: Detection in windows but not Linux (Kurt Fitzner)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 13 Dec 2015 17:42:32 +0000 (GMT)
> From: "G.W. Haywood" <cla...@jubileegroup.co.uk>
> To: clamav-users@lists.clamav.net
> Subject: Re: [clamav-users] Detection in windows but not Linux
> Message-ID: <pine.lnx.4.64.1512131740090.9...@mail5.jubileegroup.co.uk>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>
> Hi there,
>
> On Sun, 13 Dec 2015, Arnaud Jacques wrote:
>
> > For me PHP.Shell-83 is wrong. It contains 0d0a. It means it has
> > been created with a non-normalized ascii file.
> > I guess it should be corrected.
>
> In my current main.cld, 4636 of the approximately 2.4 million
> signatures in the file contain the string "0d0a".
>
> Comments?
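
One way to audit a signature set for the CR LF question raised in this thread, as an added example that is not part of the original messages: it separates signatures whose hex text merely contains the characters "0d0a" from those that contain the literal byte pair 0x0d 0x0a, and lists the latter when they target normalized text (target type 7). It assumes `.ndb`-style lines (`Name:TargetType:Offset:HexSignature`) from an unpacked database; the signature names and sample lines are constructed.

```python
import re

# Tokeniser for ClamAV body-signature hex strings. {n-m} and [n-m] jumps are
# skipped whole, ?? and nibble wildcards (a? / ?a) are non-literal, and only a
# plain hex pair is captured as a literal byte. Any other character (*, |, (, ),
# !) breaks adjacency between bytes.
_TOKEN = re.compile(
    r"\{[^}]*\}|\[[^\]]*\]|\?\?|[0-9a-fA-F]\?|\?[0-9a-fA-F]|([0-9a-fA-F]{2})|."
)

def has_aligned_crlf(hexsig):
    """True if literal byte 0x0d is directly followed by literal byte 0x0a."""
    prev = None
    for m in _TOKEN.finditer(hexsig):
        byte = m.group(1).lower() if m.group(1) else None
        if prev == "0d" and byte == "0a":
            return True
        prev = byte
    return False

def audit(ndb_lines):
    """Count substring hits vs. real CR LF byte pairs; list text-target hits."""
    result = {"substring": 0, "aligned": 0, "aligned_text_target": []}
    for line in ndb_lines:
        fields = line.strip().split(":")
        if len(fields) < 4 or line.startswith("#"):
            continue
        name, target, _offset, hexsig = fields[:4]
        if "0d0a" in hexsig.lower():
            result["substring"] += 1      # what a plain text search would count
        if has_aligned_crlf(hexsig):
            result["aligned"] += 1        # an actual \r\n in the pattern
            if target == "7":             # 7 = ASCII text file (normalized)
                result["aligned_text_target"].append(name)
    return result

# Constructed sample signatures (not taken from any real database).
SAMPLE = [
    "Constructed.Text-1:7:*:3c3f7068700d0a6576616c28",  # "<?php\r\neval("
    "Constructed.Text-2:7:*:a0d0a1ff",                  # bytes a0 d0 a1 ff
    "Constructed.PE-1:1:EP+0:4d5a0d0a",                 # CR LF, non-text target
    "Constructed.Text-3:7:*:6c?00d0a",                  # nibble wildcard, then CR LF
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
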