On Sun, December 13, 2015 2:25 am, Kurt Fitzner wrote: >
> The file is definitely malware - it was injected through a WordPress > vulnerability. I have a virus scan that runs hourly on my wordpress folder > just for that reason, but this one slipped through the cracks. I want to > find out what support is missing so it can be reported to the Debian > ClamAv package maintainers. Hi Kurt, It does look like an old signature and is located in main.ndb, so not easily corrected. Hopefully a modified version can be added to daily.ndb. In the mean time, here's a version to test... http://pastebin.com/cYw39kdp Just copy to test.ndb and re-scan.... Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
