Hi,
Uploaded a file to virustools.com and results show that ClamAV detects the
Unix.Trojan.Tsunami-6981155-0 exploit.
The command-line utility did not detect it. Up-to-date DB. The signature
appears to exist in the signature database.
Something I'm missing?
# freshclam
ClamAV update process started at Tue Feb 23 12:12:30 2021
daily.cld database is up to date (version: 26089, sigs: 4000162, f-level: 63, builder: raynman)
main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cvd database is up to date (version: 332, sigs: 93, f-level: 63, builder: awillia2)
# clamscan /var/tmp/pty3
/var/tmp/pty3: OK
----------- SCAN SUMMARY -----------
Known viruses: 8565230
Engine version: 0.103.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.04 MB
Data read: 0.04 MB (ratio 1.00:1)
Time: 14.528 sec (0 m 14 s)
Start Date: 2021:02:23 12:13:43
End Date: 2021:02:23 12:13:57
# sigtools --find "6981155"
[daily.ldb]
Unix.Trojan.Tsunami-6981155-0;Engine:51-255,Target:6;0&1&2&3&4;4d6f7a696c6c612f342e302028636f6d70617469626c653b204d53494520372e303b2057696e646f7773204e5420362e303b204d794945323b20534c4343313b202e4e455420434c5220322e302e35303732373b204d656469612043656e74657220504320352e3029;4d6f7a696c6c612f352e30202857696e646f77733b20553b2057696e646f7773204e5420362e313b2063733b2072763a312e392e322e3629204765636b6f2f3230313030363238206d796962726f772f34616c70686132;4d6f7a696c6c612f352e302028636f6d70617469626c653b20553b204142726f77736520302e363b2053796c6c61626c6529204170706c655765624b69742f3432302b20284b48544d4c2c206c696b65204765636b6f29;4d6f7a696c6c612f352e3020285831313b20553b204c696e757820693638363b20706c2d504c3b2072763a312e392e302e3629204765636b6f2f32303039303230393131;4d6f7a696c6c612f352e3020284d6163696e746f73683b20553b20496e74656c204d6163204f5320583b20656e3b2072763a312e382e312e313129204765636b6f2f32303037313132382043616d696e6f2f312e352e34
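
A diagnostic sketch for the kind of mismatch described above, added here and not part of the original post or of ClamAV: it parses a logical signature of the shape shown in the daily.ldb output, checks the Target:6 (ELF) requirement against the file's magic bytes, and reports which plain-hex subsignatures occur in the file. The signature line and sample bytes are constructed, the function names are hypothetical, and only flat `&` or `|` expressions over plain-hex subsignatures are handled.

```python
import re

ELF_MAGIC = b"\x7fELF"  # Target:6 in a ClamAV logical signature means ELF files

def parse_ldb(line):
    """Split Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;..."""
    name, tdb, expr, *subsigs = line.strip().split(";")
    attrs = dict(item.split(":", 1) for item in tdb.split(","))
    return {"name": name, "attrs": attrs, "expr": expr, "subsigs": subsigs}

def plain_bytes(subsig):
    """Decode a pure-hex subsignature; None if it uses wildcards or modifiers."""
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", subsig):
        return bytes.fromhex(subsig)
    return None

def diagnose(sig, data):
    """Report whether `data` satisfies the file-type and content parts of `sig`."""
    if not re.fullmatch(r"\d+(?:&\d+)*|\d+(?:\|\d+)*", sig["expr"]):
        raise ValueError("only flat & or | expressions are handled here")
    target = sig["attrs"].get("Target", "0")
    if target not in ("0", "6"):
        raise ValueError("only Target:0 (any) and Target:6 (ELF) are handled here")
    needles = [plain_bytes(s) for s in sig["subsigs"]]
    if None in needles:
        raise ValueError("subsignature is not plain hex")
    hits = [n in data for n in needles]
    indices = [int(i) for i in re.split(r"[&|]", sig["expr"])]
    combine = any if "|" in sig["expr"] else all
    # Approximation (assumption): ClamAV does its own file typing; this checks magic only.
    target_ok = target == "0" or data.startswith(ELF_MAGIC)
    return {"target_ok": target_ok, "subsig_hits": hits,
            "would_match": target_ok and combine(hits[i] for i in indices)}

# Constructed sample: a two-subsignature line built from made-up marker strings.
MARKERS = [b"example-marker-one", b"example-marker-two"]
SIG_LINE = (
    "Example.Constructed-1;Engine:51-255,Target:6;0&1;"
    + ";".join(m.hex() for m in MARKERS)
)
SIG = parse_ldb(SIG_LINE)
FULL = ELF_MAGIC + b"\x00" * 12 + b" ".join(MARKERS)   # ELF containing both strings
PARTIAL = ELF_MAGIC + b"\x00" * 12 + MARKERS[0]        # ELF missing one string
SCRIPT = b"#!/bin/sh\n" + b" ".join(MARKERS)           # both strings, but not ELF

if __name__ == "__main__":
    for label, blob in [("full", FULL), ("partial", PARTIAL), ("script", SCRIPT)]:
        print(label, diagnose(SIG, blob))
```

Running the same check over a real file and a real signature line shows whether a non-detection comes from the file type or from a subsignature that is absent from that copy of the file.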