I have a sample virus file that can be detected by ClamAV on VirusTotal: https://www.virustotal.com/gui/file/6e945381416bac2657acaeccabc8daf04df0c2285ca36333419484ee2120dda4 VirusTotal ClamAV detects that the file is infected with signature: Doc.Downloader.Pwshell-10001336-0 But when I use my local ClamAV (on Ubuntu), it cannot detect the virus file:
abc@VNLT:~$ clamscan test_macro.doc Loading: 19s, ETA: 0s [========================>] 10.77M/10.77M sigs Compiling: 5s, ETA: 0s [========================>] 41/41 tasks /home/abc/test_macro.doc: OK ----------- SCAN SUMMARY ----------- Known viruses: 8706304 Engine version: 1.4.2 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.09 MB Data read: 0.04 MB (ratio 2.40:1) Time: 13.148 sec (0 m 13 s) Start Date: 2025:04:15 10:00:33 End Date: 2025:04:15 10:00:46 I already use the latest ClamAV version and CVD database: abc@VNLT:~$ clamscan --version ClamAV 1.4.2/27608/Mon Apr 14 15:34:28 2025 I unpacked the CVD file using sigtool and see that the signature exists in our local database: abc@VNLT:/usr/local/share/clamav$ grep "Doc.Downloader.Pwshell-10001336-0" ./* grep: ./daily.cld: binary file matches ./daily.ldb:Doc.Downloader.Pwshell-10001336-0;Engine:151-255,Container:CL_TYPE_MSOLE2,Target:0;0&1&2&3&4&5;2323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323;4e65774d6163726f73;50726f6365647572616c;52454d2050524f4a45435448454c5046494c4550415448323a;52454d205642412070726f6a656374206578747261637465642066726f6d204d6963726f736f6674204f666669636520646f63756d656e74;706f7765727368656c6c Why can't my local virus scanner detect the virus that VirusTotal can? Do I missed some configuration? Best Regards Tai Dang
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
