Mailing List Archive: ClamAV: devel

clamscan can't detect malware inside a debian package

Index | Next | Previous | View Threaded

shaddai at c0a8

Feb 15, 2011, 12:20 AM

Post #1 of 2 (658 views)
Permalink

clamscan can't detect malware inside a debian package

Hello,

I've made a few tests lately to embed malwares inside UNIX packages like
RPM or DEB packages. Once done, I scanned the packages with many
anti-virus products to check their efficiency.

Concerning clamav, there was no problem finding malware embedded into a
RPM package. Nevertheless clamscan was unable to detect a known malware
(the C99 PHP Backdoor) added to a preinst or postinst file.

Should I report this as a bug ?

Regards

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

edwin at clamav

Feb 15, 2011, 5:42 AM

Post #2 of 2 (657 views)
Permalink

Re: clamscan can't detect malware inside a debian package [In reply to]

On 2011-02-15 10:20, Julien Reveret wrote:
> Hello,
>
> I've made a few tests lately to embed malwares inside UNIX packages like
> RPM or DEB packages. Once done, I scanned the packages with many
> anti-virus products to check their efficiency.
>
> Concerning clamav, there was no problem finding malware embedded into a
> RPM package. Nevertheless clamscan was unable to detect a known malware
> (the C99 PHP Backdoor) added to a preinst or postinst file.
>
> Should I report this as a bug ?

Just published bytecode.cvd version 138, is the .deb detected now?

(Run freshclam, make sure you get bytecode.cvd 138, and that you run
0.96.4+)

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads