Sure. I will submit but as per clamav Database this signature is already in database.
Why we should submit sample again? On Tue, Jul 28, 2015 at 4:58 PM, Alain Zidouemba <azidoue...@sourcefire.com> wrote: > Yes, please do so. Submit your sample here: > http://www.clamav.net/report/report-malware.html and provide the MD5 or > SHA256 of the sample you submitted as a reply to this email. > > Thanks, > > - Alain > > On Tue, Jul 28, 2015 at 11:01 AM, Al Varnell <alvarn...@mac.com> wrote: > > > It does not match the signature for Exploit.PDF.CVE_2009_4324. > > > > It’s looking for a two part signature: > > > > In your document there are spaces in the string "/S /JavaScript /JS” > which > > are not in the signature. > > > > Your document contains the string "media.newPlayer(null)” whereas the > > signature is looking for “this.” in front of it. > > > > Submit your document for possible addition of new or revised signature. > > > > -Al- > > > > > > > > On Tue, Jul 28, 2015 at 03:01 AM, P K wrote: > > > > > > Hi Guys, > > > > > > Still waiting for an answer. > > > > > > On Thu, Jul 23, 2015 at 8:21 PM, P K <pkopen...@gmail.com> wrote: > > > > > >> Hi Guys, > > >> > > >> I am testing clamav in my local system to detect POST data's from > > network. > > >> I am newbie in ClamAv and want to test with real time signatures. > > >> > > >> I tested with Eicher Test Signature and it works fine. > > >> > > >> *But ClamAv is unable to detect CVE-2009-4324 with pdf.* > > >> > > >> I see signature is present in daily.cld and if extracted its present > in > > >> daily.ldb. > > >> Gmail able to detect same pdf as virus. > > >> > > >> Any help on what wrong in my ClamAv system and to fix it. > > >> > > >> $ clamscan ~/anti/eicar.com.txt > > >> */home/pk/anti/eicar.com.txt: Eicar-Test-Signature FOUND* > > >> > > >> ----------- SCAN SUMMARY ----------- > > >> Known viruses: 3898123 > > >> Engine version: 0.98.6 > > >> Scanned directories: 0 > > >> Scanned files: 1 > > >> Infected files: 1 > > >> Data scanned: 0.00 MB > > >> Data read: 0.00 MB (ratio 0.00:1) > > >> Time: 6.480 sec (0 m 6 s) <--------------- took 6sec to detect > normal > > >> virus > > >> > > >> $ clamscan ~/anti_new/virus/exploit.pdf > > >> > > >> */home/pk/anti_new/virus/exploit.pdf: OK* > > >> ----------- SCAN SUMMARY ----------- > > >> Known viruses: 3898123 > > >> Engine version: 0.98.6 > > >> Scanned directories: 0 > > >> Scanned files: 1 > > >> Infected files: 0 > > >> Data scanned: 0.00 MB > > >> Data read: 0.00 MB (ratio 0.00:1) > > >> Time: 8.100 sec (0 m 8 s) > > >> > > >> I generated above virus using this link - > > >> http://www.decalage.info/exefilter_pdf_exploits > > >> > > >> I really want to learn ClamAv virus detection and try to enhance it. > > >> > > >> Thanks > > >> --PK > > _______________________________________________ > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
