So that the signature get updated, if necessary. Either your sample is
actually attempting to exploit CVE-2009-4324 and it's evading detecting
through our current signature (Exploit.PDF.CVE_2009_4324), our your sample
isn't attempting exploit CVE-2009-4324. Either way, your sample would be
helpful
Sure. I will submit but as per clamav Database this signature is already in
database.
Why we should submit sample again?
On Tue, Jul 28, 2015 at 4:58 PM, Alain Zidouemba
wrote:
> Yes, please do so. Submit your sample here:
> http://www.clamav.net/report/report-malware.html and provide the MD5
Yes, please do so. Submit your sample here:
http://www.clamav.net/report/report-malware.html and provide the MD5 or
SHA256 of the sample you submitted as a reply to this email.
Thanks,
- Alain
On Tue, Jul 28, 2015 at 11:01 AM, Al Varnell wrote:
> It does not match the signature for Exploit.PDF
yes i created pdf with virus by following link
http://www.decalage.info/exefilter_pdf_exploits
Virus is detected in gmail but its not detected in my Clamscan.
I feel something wrong in clamav configuration.
Just wanted anyone else to try and know where is issue.
On Tue, Jul 28, 2015 at 4:31 PM,
It does not match the signature for Exploit.PDF.CVE_2009_4324.
It’s looking for a two part signature:
In your document there are spaces in the string "/S /JavaScript /JS” which are
not in the signature.
Your document contains the string "media.newPlayer(null)” whereas the signature
is looking
So you generated a brand new malicious pdf? (Trying to understand what the
question is) Did you submit said malicious pdf to us? Perhaps you could write
your own detection and submit it to us via the community signature program?
--
Joel Esler
Manager, Threat Intelligence and Open Source
Talos G
Hi Guys,
Still waiting for an answer.
On Thu, Jul 23, 2015 at 8:21 PM, P K wrote:
> Hi Guys,
>
> I am testing clamav in my local system to detect POST data's from network.
> I am newbie in ClamAv and want to test with real time signatures.
>
> I tested with Eicher Test Signature and it works fi
Hi Guys,
I am testing clamav in my local system to detect POST data's from network.
I am newbie in ClamAv and want to test with real time signatures.
I tested with Eicher Test Signature and it works fine.
*But ClamAv is unable to detect CVE-2009-4324 with pdf.*
I see signature is present in dai
