Clamav again ...


Postby youlikeicecream » Wed Aug 10, 2005 8:35 am

Have been testing clamav to see how well it picks up viruses and trojans and have a small collection of nasties on CD to test with ...

I have noticed that using 'clamav-data', the virus scanner detects practically nothing, whereas using 'freshclam' it detects more. Here is my console output (all files scanned are nasties, but not all are detected as such):

mike@Ubuntu:~$ clamscan /media/cdrom0/Quarantine
/media/cdrom0/Quarantine/bla.ex: OK
/media/cdrom0/Quarantine/eicar.zip: Eicar-Test-Signature FOUND
/media/cdrom0/Quarantine/gta.ex: OK
/media/cdrom0/Quarantine/hax.ex: OK
/media/cdrom0/Quarantine/lalw.ex: OK
/media/cdrom0/Quarantine/tek9.ex: Trojan.Proxy.Ranky-38 FOUND
/media/cdrom0/Quarantine/trojansimulator.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 38553
Engine version: 0.86.1
Scanned directories: 1
Scanned files: 7
Infected files: 2
Data scanned: 1.23 MB
Time: 1.261 sec (0 m 1 s)
mike@Ubuntu:~$ sudo apt-get install clam-data
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package clam-data
mike@Ubuntu:~$ sudo apt-get install clamav-data
Reading package lists... Done
Building dependency tree... Done
The following packages will be REMOVED:
clamav-freshclam clamav-getfiles
The following NEW packages will be installed:
clamav-data
0 upgraded, 1 newly installed, 2 to remove and 0 not upgraded.
Need to get 1223kB of archives.
After unpacking 1499kB disk space will be freed.
Do you want to continue [Y/n]? y
Get:1 http://gb.archive.ubuntu.com hoary/universe clamav-data 20040725.231000.422 [1223kB]
Fetched 1223kB in 0s (2747kB/s)

Preconfiguring packages ...
(Reading database ... 79052 files and directories currently installed.)
Removing clamav-getfiles ...
dpkg: clamav-freshclam: dependency problems, but removing anyway as you request: clamav-daemon depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
clamav-milter depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
clamav depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
clamav-daemon depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
clamav-milter depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
clamav depends on clamav-freshclam | clamav-data; however:
Package clamav-freshclam is to be removed.
Package clamav-data is not installed.
Package clamav-freshclam which provides clamav-data is to be removed.
Removing clamav-freshclam ...
Stopping ClamAV virus database updater: freshclam
Selecting previously deselected package clamav-data.
(Reading database ... 79024 files and directories currently installed.)
Unpacking clamav-data (from .../clamav-data_20040725.231000.422_all.deb) ...
Setting up clamav-data (20040725.231000.422) ...

mike@Ubuntu:~$ clamscan /media/cdrom0/Quarantine
/media/cdrom0/Quarantine/bla.ex: OK
/media/cdrom0/Quarantine/eicar.zip: Eicar-Test-Signature FOUND
/media/cdrom0/Quarantine/gta.ex: OK
/media/cdrom0/Quarantine/hax.ex: OK
/media/cdrom0/Quarantine/lalw.ex: OK
/media/cdrom0/Quarantine/tek9.ex: OK
/media/cdrom0/Quarantine/trojansimulator.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 22927
Engine version: 0.86.1
Scanned directories: 1
Scanned files: 7
Infected files: 1
Data scanned: 1.23 MB
Time: 0.606 sec (0 m 0 s)


Obviously these nasties are probably quite obscure, but should really be detected ... Is there somewhere I can 'Submit' these files to clamav developers for identification and inclusion in freshclam/clam-data?

Mike :)
youlikeicecream
LXF regular
 
Posts: 721
Joined: Fri Jun 03, 2005 11:40 am
Location: Oxford
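
Added example, not part of the original post: a Python sketch that parses two clamscan outputs like the ones above and reports which files lost their detection and how the "Known viruses" count changed between signature databases. The sample input is constructed by abridging the console output in the post, and the function names `parse_clamscan` and `compare_runs` are hypothetical.

```python
import re

# Constructed sample input: abridged from the two clamscan runs in the post.
RUN_FRESHCLAM = """\
/media/cdrom0/Quarantine/eicar.zip: Eicar-Test-Signature FOUND
/media/cdrom0/Quarantine/gta.ex: OK
/media/cdrom0/Quarantine/tek9.ex: Trojan.Proxy.Ranky-38 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 38553
Infected files: 2
"""
RUN_CLAMAV_DATA = """\
/media/cdrom0/Quarantine/eicar.zip: Eicar-Test-Signature FOUND
/media/cdrom0/Quarantine/gta.ex: OK
/media/cdrom0/Quarantine/tek9.ex: OK
----------- SCAN SUMMARY -----------
Known viruses: 22927
Infected files: 1
"""

RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")

def parse_clamscan(text):
    """Return ({path: signature or None}, {summary key: value}) for one run."""
    detections, summary, in_summary = {}, {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary and (m := SUMMARY_RE.match(line)):
            summary[m["key"]] = m["value"]
        elif not in_summary and (m := RESULT_RE.match(line)):
            detections[m["path"]] = m["sig"]  # None when the file scanned OK
    return detections, summary

def compare_runs(baseline, candidate):
    """Diff detections and signature counts between two clamscan outputs."""
    base_det, base_sum = parse_clamscan(baseline)
    cand_det, cand_sum = parse_clamscan(candidate)
    lost = {p: s for p, s in base_det.items() if s and not cand_det.get(p)}
    gained = {p: s for p, s in cand_det.items() if s and not base_det.get(p)}
    delta = int(cand_sum["Known viruses"]) - int(base_sum["Known viruses"])
    return {"lost": lost, "gained": gained, "signature_delta": delta}

if __name__ == "__main__":
    print(compare_runs(RUN_FRESHCLAM, RUN_CLAMAV_DATA))
```

A negative `signature_delta` together with a non-empty `lost` map is the pattern seen in the post after the static clamav-data package replaced the freshclam-updated database.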
