Re: [clamav-users] PDF Scanning

Thu, 11 Apr 2019 23:08:33 -0700 

Hello David,
Yes it is the same for all OS. The ClamAV signatures directory is just at a different place. Find the location in your clamd.conf, ot set it if not set. 


Le 11/04/2019 à 22:10, David Hendrick a écrit :

Hi Arnaud,


Thank you very much. Just a question, would this be the same on the 
Windows port as we're running in Windows?


Many thanks,
David


On Thu 11 Apr 2019, 19:35 Arnaud Jacques, <webmas...@securiteinfo.com 
<mailto:webmas...@securiteinfo.com>> wrote:


    David,

    Here is an example :

    Create a file pdf.ndb in your clamav signatures directory (usually
    /var/lib/clamav/)
    In this file put this :
    testpdf:10:*:4f70656e416374696f6e*4a617661536372697074

    Save the file, and restart Clamav.
    Then clamdscan should detect the pdf with "OpenAction" and
    "Javascript".

    More information about creating signatures for Clamav at :
    https://www.clamav.net/documents/creating-signatures-for-clamav


    Le 11/04/2019 à 19:29, David Hendrick a écrit :
    > Hi Arnaud,
    > Could you explain how I do this? If this something I can add to
    clamd.conf?
    >
    > Many thanks,
    > David
    >
    > -----Original Message-----
    > From: clamav-users <clamav-users-boun...@lists.clamav.net
    <mailto:clamav-users-boun...@lists.clamav.net>> On Behalf Of
    Arnaud Jacques
    > Sent: Thursday 11 April 2019 18:27
    > To: clamav-users@lists.clamav.net
    <mailto:clamav-users@lists.clamav.net>
    > Subject: Re: [clamav-users] PDF Scanning
    >
    > Hello David,
    >
    > Le 11/04/2019 à 19:20, David Hendrick a écrit :
    >> Hi there,
    >> Does anyone know if there's a way to have ClamAV detect PDF
    files that
    >> have items such as "OpenAction" or "JavaScript" or "JS"?
    > You can do any detection using Clamav.
    > *But* if you detect PDF containing "OpenAction" and "Javascript"
    or "JS"
    > you will have a lot of false positives.
    >
    > --
    > Cordialement / Best regards,
    >
    > Arnaud Jacques
    > Gérant de SecuriteInfo.com
    >
    > Téléphone : +33-(0)3.44.39.76.46
    > E-mail : a...@securiteinfo.com <mailto:a...@securiteinfo.com>
    > Site web : https://www.securiteinfo.com
    > Facebook :
    https://www.facebook.com/pages/SecuriteInfocom/132872523492286
    > Twitter : @SecuriteInfoCom
    >
    > Securiteinfo.com
    > La Sécurité Informatique - La Sécurité des Informations.
    > 266, rue de Villers
    > 60123 Bonneuil en Valois
    >
    >
    > _______________________________________________
    >
    > clamav-users mailing list
    > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
    > https://lists.clamav.net/mailman/listinfo/clamav-users
    >
    >
    > Help us build a comprehensive ClamAV guide:
    > https://github.com/vrtadmin/clamav-faq
    >
    > http://www.clamav.net/contact.html#ml
    >
    >
    > _______________________________________________
    >
    > clamav-users mailing list
    > clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
    > https://lists.clamav.net/mailman/listinfo/clamav-users
    >
    >
    > Help us build a comprehensive ClamAV guide:
    > https://github.com/vrtadmin/clamav-faq
    >
    > http://www.clamav.net/contact.html#ml


    -- 
    Cordialement / Best regards,


    Arnaud Jacques
    Gérant de SecuriteInfo.com

    Téléphone : +33-(0)3.44.39.76.46
    E-mail : a...@securiteinfo.com <mailto:a...@securiteinfo.com>
    Site web : https://www.securiteinfo.com
    Facebook :
    https://www.facebook.com/pages/SecuriteInfocom/132872523492286
    Twitter : @SecuriteInfoCom

    Securiteinfo.com
    La Sécurité Informatique - La Sécurité des Informations.
    266, rue de Villers
    60123 Bonneuil en Valois


    _______________________________________________

    clamav-users mailing list
    clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
    https://lists.clamav.net/mailman/listinfo/clamav-users


    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq

    http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml






















					Reply via email to