There are a number of public unofficial databases including the Linux Malware Detect project, Sanesecurity, and Atomic. There's also an unofficial database update script on github (though it hasn't been updated in a year or so) that has others.
YMMV with them though. On Thu, Mar 29, 2018 at 8:08 AM, Peter Folk <peter.fol...@gmail.com> wrote: > Hi Maarten, > > okay, I will try that, thanks. > > Out of interest, are there other public, known good extra virus definitions > that include these PHP and/or web server specific patterns/signatures ? > > I looked on the clamav site, but only found the standard signature set. > > Also - in case I do get a hold of extra signatures - would I have to merge > them into the existing definition set or simply run these in a separate > scan ? > > Thanks. > > Peter > > > On Thu, Mar 29, 2018 at 4:04 AM, Maarten Broekman < > maarten.broek...@gmail.com> wrote: > > > Hi Peter, > > Given the name of that virus, I would guess that your hosting provider > > is using some extra virus definitions that aren’t part of the standard > > ClamAV distribution. It doesn’t have to do with the engine in this case. > > > > You should get in touch with them about that. > > > > Maarten Broekman > > Sent from a tiny keyboard > > > > > On Mar 29, 2018, at 06:49, Peter Folk <peter.fol...@gmail.com> wrote: > > > > > > Hello, > > > > > > running into a weird issue here... our web host has run a clamav scan > on > > > our VPS server, and found 1 infected PHP file, infected with > > > SL-PHP-BACKDOOR-GENERIC. > > > > > > The clamav engine version used in the scan done by the web host was: > > > devel-clamav-0.99-beta1-632-g8a582c7 (that's what the log file says) > > > > > > Now, I can't find that engine version anywhere on the web. > > > > > > But, we installed the latest, stable clamav 0.9.4 on the CentOS hosting > > > box, updated definitions to latest via freshclam (it says Engine > version: > > > 0.99.4) and ran a clamav scan on the exact same files as our web host > > did. > > > > > > clamscan does NOT find any infected files. > > > > > > Can anybody explain why these definitions/engine versions are > different. > > > and why does devel-clamav engine find infected files and latest clamav > > > engine does not.... ? > > > > > > most importantly: how can I install and use the devel-clamav engine ?? > > > > > > Thanks. > > > > > > Peter > > > _______________________________________________ > > > clamav-users mailing list > > > clamav-users@lists.clamav.net > > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > > > > Help us build a comprehensive ClamAV guide: > > > https://github.com/vrtadmin/clamav-faq > > > > > > http://www.clamav.net/contact.html#ml > > _______________________________________________ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
