search

Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0
4.4k stars 705 forks source link

Anyway to get clamscan/clamd to inspect ignored types #47

Closed wmetcalf closed 8 years ago

wmetcalf commented 8 years ago

Is there anyway or target to force clamav to inspect ignored types. For example.. If I wanted to detect the EXE inside of EPS in the word doc described here http://casual-scrutiny.blogspot.in/2016/02/cve-2015-2545-itw-emet-evasion.html I could do something like the following. But it appears that PostScript is always ignored because it is CL_TYPE_IGNORED in libclamav/filetypes_int.h "0:0:252150532d41646f62652d:PostScript:CL_TYPE_ANY:CL_TYPE_IGNORED". Is there anyway to force scanning of this filetype or this signature without recompiling clamav?

MiscreantPunch.AsciiEXEinEPS.Common.CVE-2015-2545.Construct;Target:0;(0);2525426f756e64696e67426f78_34643561_3534363836393733323037303732366636373732363136643230::i

head -1 FL9364.tmp.bin %!PS-Adobe-3.0 coz@3d0:~/Downloads/clam-punch$ clamscan --debug -d miscreantpunch099.ldb FL9364.tmp.bin LibClamAV debug: searching for unrar, user-searchpath: /usr/lib LibClamAV debug: searching for unrar: libclamunrar_iface.so.7.1.1 not found LibClamAV debug: searching for unrar: libclamunrar_iface.so.7 not found LibClamAV debug: searching for unrar: libclamunrar_iface.so not found LibClamAV debug: searching for unrar: libclamunrar_iface.a not found LibClamAV debug: Cannot dlopen libclamunrariface: file not found - unrar support unavailable LibClamAV debug: Initialized 0.99 engine LibClamAV debug: Initializing phishcheck module LibClamAV debug: Phishcheck: Compiling regex: ^ (http|https|ftp:(//)?)?[0-9]{1,3}(.[0-9]{1,3}){3}[/?:]? $ LibClamAV debug: Phishcheck module initialized LibClamAV debug: Bytecode initialized in JIT mode LibClamAV debug: Initializing engine->root[0] LibClamAV debug: Initialising AC pattern matcher of root[0] LibClamAV debug: cli_initroots: Initializing BM tables of root[0] LibClamAV debug: Initializing engine->root[1] LibClamAV debug: Initialising AC pattern matcher of root[1] LibClamAV debug: cli_initroots: Initializing BM tables of root[1] LibClamAV debug: Initializing engine->root[2] LibClamAV debug: Initialising AC pattern matcher of root[2] LibClamAV debug: Initializing engine->root[3] LibClamAV debug: Initialising AC pattern matcher of root[3] LibClamAV debug: Initializing engine->root[4] LibClamAV debug: Initialising AC pattern matcher of root[4] LibClamAV debug: Initializing engine->root[5] LibClamAV debug: Initialising AC pattern matcher of root[5] LibClamAV debug: Initializing engine->root[6] LibClamAV debug: Initialising AC pattern matcher of root[6] LibClamAV debug: Initializing engine->root[7] LibClamAV debug: Initialising AC pattern matcher of root[7] LibClamAV debug: Initializing engine->root[8] LibClamAV debug: Initialising AC pattern matcher of root[8] LibClamAV debug: Initializing engine->root[9] LibClamAV debug: Initialising AC pattern matcher of root[9] LibClamAV debug: Initializing engine->root[10] LibClamAV debug: Initialising AC pattern matcher of root[10] LibClamAV debug: Initializing engine->root[11] LibClamAV debug: Initialising AC pattern matcher of root[11] LibClamAV debug: Initializing engine->root[12] LibClamAV debug: Initialising AC pattern matcher of root[12] LibClamAV debug: Initializing engine->root[13] LibClamAV debug: Initialising AC pattern matcher of root[13] LibClamAV debug: Initializing engine->root[14] LibClamAV debug: Initialising AC pattern matcher of root[14] LibClamAV debug: miscreantpunch099.ldb loaded LibClamAV debug: Loaded 148 filetype definitions LibClamAV debug: Using filter for trie 0 LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 343 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 109 LibClamAV debug: Using filter for trie 1 LibClamAV debug: Matcher[1]: PE: AC sigs: 8 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 12 LibClamAV debug: Matcher[2]: OLE2: AC sigs: 153 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 11 (reloff: 0, absoff: 0) maxpatlen 58 (ac_only mode) LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 4 LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 7 LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[11]: FLASH: AC sigs: 60 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 64 (ac_only mode) LibClamAV debug: Matcher[12]: JAVA: AC sigs: 21 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 77 (ac_only mode) LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Dynamic engine configuration settings: LibClamAV debug: -------------------------------------- LibClamAV debug: Module PE: On LibClamAV debug: * Submodule PARITE: On LibClamAV debug: * Submodule KRIZ: On LibClamAV debug: * Submodule MAGISTR: On LibClamAV debug: * Submodule POLIPOS: On LibClamAV debug: * Submodule MD5SECT: On LibClamAV debug: * Submodule UPX: On LibClamAV debug: * Submodule FSG: On LibClamAV debug: * Submodule SWIZZOR: _ Off LibClamAV debug: * Submodule PETITE: On LibClamAV debug: * Submodule PESPIN: On LibClamAV debug: * Submodule YC: On LibClamAV debug: * Submodule WWPACK: On LibClamAV debug: * Submodule NSPACK: On LibClamAV debug: * Submodule MEW: On LibClamAV debug: * Submodule UPACK: On LibClamAV debug: * Submodule ASPACK: On LibClamAV debug: * Submodule CATALOG: On LibClamAV debug: * Submodule DISABLECERT: \ Off LibClamAV debug: * Submodule DUMPCERT: \ Off LibClamAV debug: * Submodule MATCHICON: On LibClamAV debug: Module ELF: On LibClamAV debug: Module MACHO: On LibClamAV debug: Module ARCHIVE: On LibClamAV debug: * Submodule RAR: On LibClamAV debug: * Submodule ZIP: On LibClamAV debug: * Submodule GZIP: On LibClamAV debug: * Submodule BZIP: On LibClamAV debug: * Submodule ARJ: On LibClamAV debug: * Submodule SZDD: On LibClamAV debug: * Submodule CAB: On LibClamAV debug: * Submodule CHM: On LibClamAV debug: * Submodule OLE2: On LibClamAV debug: * Submodule TAR: On LibClamAV debug: * Submodule CPIO: On LibClamAV debug: * Submodule BINHEX: On LibClamAV debug: * Submodule SIS: On LibClamAV debug: * Submodule NSIS: On LibClamAV debug: * Submodule AUTOIT: On LibClamAV debug: * Submodule ISHIELD: On LibClamAV debug: * Submodule 7zip: On LibClamAV debug: * Submodule ISO9660: On LibClamAV debug: * Submodule DMG: On LibClamAV debug: * Submodule XAR: On LibClamAV debug: * Submodule HFSPLUS: On LibClamAV debug: * Submodule XZ: On LibClamAV debug: * Submodule PASSWD: On LibClamAV debug: Module DOCUMENT: On LibClamAV debug: * Submodule HTML: On LibClamAV debug: * Submodule RTF: On LibClamAV debug: * Submodule PDF: On LibClamAV debug: * Submodule SCRIPT: On LibClamAV debug: * Submodule HTMLSKIPRAW: On LibClamAV debug: * Submodule JSNORM: On LibClamAV debug: * Submodule SWF: On LibClamAV debug: Module MAIL: On LibClamAV debug: * Submodule MBOX: On LibClamAV debug: * Submodule TNEF: On LibClamAV debug: Module OTHER: On LibClamAV debug: * Submodule UUENCODED: On LibClamAV debug: * Submodule SCRENC: On LibClamAV debug: * Submodule RIFF: On LibClamAV debug: * Submodule JPEG: On LibClamAV debug: * Submodule CRYPTFF: On LibClamAV debug: * Submodule DLP: On LibClamAV debug: * Submodule MYDOOMLOG: On LibClamAV debug: * Submodule PREFILTERING: On LibClamAV debug: * Submodule PDFNAMEOBJ: On LibClamAV debug: * Submodule PRTNINTXN: On LibClamAV debug: Module PHISHING On LibClamAV debug: * Submodule ENGINE: On LibClamAV debug: * Submodule ENTCONV: On LibClamAV debug: Module BYTECODE On LibClamAV debug: * Submodule INTERPRETER: On LibClamAV debug: * Submodule JIT X86: On LibClamAV debug: * Submodule JIT PPC: On LibClamAV debug: * Submodule JIT ARM: \ Off LibClamAV debug: Module STATS Off LibClamAV debug: Module PCRE On LibClamAV debug: * Submodule SUPPORT: On LibClamAV debug: * Submodule OPTIONS: On LibClamAV debug: * Submodule GLOBAL: On LibClamAV debug: pool memory used: 7.034 MB LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized PostScript file LibClamAV debug: cache_check: 181d0d3dd05618fb3fd056c2c79cf741 is negative LibClamAV debug: cli_magic_scandesc: returning 0 at line 2541 LibClamAV debug: cache_add: 181d0d3dd05618fb3fd056c2c79cf741 (level 0) FL9364.tmp.bin: OK LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up

----------- SCAN SUMMARY ----------- Known viruses: 90 Engine version: 0.99 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 0.46 MB (ratio 0.00:1) Time: 0.008 sec (0 m 0 s)

Trim PostScript line 1

head -1 FL9364.tmp.bin %%BoundingBox: 36 36 576 756

coz@3d0:~/Downloads/clam-punch$ clamscan --debug -d miscreantpunch099.ldb FL9364.tmp.bin LibClamAV debug: searching for unrar, user-searchpath: /usr/lib LibClamAV debug: searching for unrar: libclamunrar_iface.so.7.1.1 not found LibClamAV debug: searching for unrar: libclamunrar_iface.so.7 not found LibClamAV debug: searching for unrar: libclamunrar_iface.so not found LibClamAV debug: searching for unrar: libclamunrar_iface.a not found LibClamAV debug: Cannot dlopen libclamunrariface: file not found - unrar support unavailable LibClamAV debug: Initialized 0.99 engine LibClamAV debug: Initializing phishcheck module LibClamAV debug: Phishcheck: Compiling regex: ^ (http|https|ftp:(//)?)?[0-9]{1,3}(.[0-9]{1,3}){3}[/?:]? $ LibClamAV debug: Phishcheck module initialized LibClamAV debug: Bytecode initialized in JIT mode LibClamAV debug: Initializing engine->root[0] LibClamAV debug: Initialising AC pattern matcher of root[0] LibClamAV debug: cli_initroots: Initializing BM tables of root[0] LibClamAV debug: Initializing engine->root[1] LibClamAV debug: Initialising AC pattern matcher of root[1] LibClamAV debug: cli_initroots: Initializing BM tables of root[1] LibClamAV debug: Initializing engine->root[2] LibClamAV debug: Initialising AC pattern matcher of root[2] LibClamAV debug: Initializing engine->root[3] LibClamAV debug: Initialising AC pattern matcher of root[3] LibClamAV debug: Initializing engine->root[4] LibClamAV debug: Initialising AC pattern matcher of root[4] LibClamAV debug: Initializing engine->root[5] LibClamAV debug: Initialising AC pattern matcher of root[5] LibClamAV debug: Initializing engine->root[6] LibClamAV debug: Initialising AC pattern matcher of root[6] LibClamAV debug: Initializing engine->root[7] LibClamAV debug: Initialising AC pattern matcher of root[7] LibClamAV debug: Initializing engine->root[8] LibClamAV debug: Initialising AC pattern matcher of root[8] LibClamAV debug: Initializing engine->root[9] LibClamAV debug: Initialising AC pattern matcher of root[9] LibClamAV debug: Initializing engine->root[10] LibClamAV debug: Initialising AC pattern matcher of root[10] LibClamAV debug: Initializing engine->root[11] LibClamAV debug: Initialising AC pattern matcher of root[11] LibClamAV debug: Initializing engine->root[12] LibClamAV debug: Initialising AC pattern matcher of root[12] LibClamAV debug: Initializing engine->root[13] LibClamAV debug: Initialising AC pattern matcher of root[13] LibClamAV debug: Initializing engine->root[14] LibClamAV debug: Initialising AC pattern matcher of root[14] LibClamAV debug: miscreantpunch099.ldb loaded LibClamAV debug: Loaded 148 filetype definitions LibClamAV debug: Using filter for trie 0 LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 343 (reloff: 1, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 109 LibClamAV debug: Using filter for trie 1 LibClamAV debug: Matcher[1]: PE: AC sigs: 8 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 12 LibClamAV debug: Matcher[2]: OLE2: AC sigs: 153 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 11 (reloff: 0, absoff: 0) maxpatlen 58 (ac_only mode) LibClamAV debug: Matcher[3]: HTML: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 4 LibClamAV debug: Matcher[4]: MAIL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[6]: ELF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Using filter for trie 7 LibClamAV debug: Matcher[7]: ASCII: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[10]: PDF: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[11]: FLASH: AC sigs: 60 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 64 (ac_only mode) LibClamAV debug: Matcher[12]: JAVA: AC sigs: 21 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 77 (ac_only mode) LibClamAV debug: Matcher[13]: INTERNAL: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Matcher[14]: OTHER: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) PCREs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode) LibClamAV debug: Dynamic engine configuration settings: LibClamAV debug: -------------------------------------- LibClamAV debug: Module PE: On LibClamAV debug: * Submodule PARITE: On LibClamAV debug: * Submodule KRIZ: On LibClamAV debug: * Submodule MAGISTR: On LibClamAV debug: * Submodule POLIPOS: On LibClamAV debug: * Submodule MD5SECT: On LibClamAV debug: * Submodule UPX: On LibClamAV debug: * Submodule FSG: On LibClamAV debug: * Submodule SWIZZOR: _ Off LibClamAV debug: * Submodule PETITE: On LibClamAV debug: * Submodule PESPIN: On LibClamAV debug: * Submodule YC: On LibClamAV debug: * Submodule WWPACK: On LibClamAV debug: * Submodule NSPACK: On LibClamAV debug: * Submodule MEW: On LibClamAV debug: * Submodule UPACK: On LibClamAV debug: * Submodule ASPACK: On LibClamAV debug: * Submodule CATALOG: On LibClamAV debug: * Submodule DISABLECERT: \ Off LibClamAV debug: * Submodule DUMPCERT: \ Off LibClamAV debug: * Submodule MATCHICON: On LibClamAV debug: Module ELF: On LibClamAV debug: Module MACHO: On LibClamAV debug: Module ARCHIVE: On LibClamAV debug: * Submodule RAR: On LibClamAV debug: * Submodule ZIP: On LibClamAV debug: * Submodule GZIP: On LibClamAV debug: * Submodule BZIP: On LibClamAV debug: * Submodule ARJ: On LibClamAV debug: * Submodule SZDD: On LibClamAV debug: * Submodule CAB: On LibClamAV debug: * Submodule CHM: On LibClamAV debug: * Submodule OLE2: On LibClamAV debug: * Submodule TAR: On LibClamAV debug: * Submodule CPIO: On LibClamAV debug: * Submodule BINHEX: On LibClamAV debug: * Submodule SIS: On LibClamAV debug: * Submodule NSIS: On LibClamAV debug: * Submodule AUTOIT: On LibClamAV debug: * Submodule ISHIELD: On LibClamAV debug: * Submodule 7zip: On LibClamAV debug: * Submodule ISO9660: On LibClamAV debug: * Submodule DMG: On LibClamAV debug: * Submodule XAR: On LibClamAV debug: * Submodule HFSPLUS: On LibClamAV debug: * Submodule XZ: On LibClamAV debug: * Submodule PASSWD: On LibClamAV debug: Module DOCUMENT: On LibClamAV debug: * Submodule HTML: On LibClamAV debug: * Submodule RTF: On LibClamAV debug: * Submodule PDF: On LibClamAV debug: * Submodule SCRIPT: On LibClamAV debug: * Submodule HTMLSKIPRAW: On LibClamAV debug: * Submodule JSNORM: On LibClamAV debug: * Submodule SWF: On LibClamAV debug: Module MAIL: On LibClamAV debug: * Submodule MBOX: On LibClamAV debug: * Submodule TNEF: On LibClamAV debug: Module OTHER: On LibClamAV debug: * Submodule UUENCODED: On LibClamAV debug: * Submodule SCRENC: On LibClamAV debug: * Submodule RIFF: On LibClamAV debug: * Submodule JPEG: On LibClamAV debug: * Submodule CRYPTFF: On LibClamAV debug: * Submodule DLP: On LibClamAV debug: * Submodule MYDOOMLOG: On LibClamAV debug: * Submodule PREFILTERING: On LibClamAV debug: * Submodule PDFNAMEOBJ: On LibClamAV debug: * Submodule PRTNINTXN: On LibClamAV debug: Module PHISHING On LibClamAV debug: * Submodule ENGINE: On LibClamAV debug: * Submodule ENTCONV: On LibClamAV debug: Module BYTECODE On LibClamAV debug: * Submodule INTERPRETER: On LibClamAV debug: * Submodule JIT X86: On LibClamAV debug: * Submodule JIT PPC: On LibClamAV debug: * Submodule JIT ARM: \ Off LibClamAV debug: Module STATS Off LibClamAV debug: Module PCRE On LibClamAV debug: * Submodule SUPPORT: On LibClamAV debug: * Submodule OPTIONS: On LibClamAV debug: * Submodule GLOBAL: On LibClamAV debug: pool memory used: 7.034 MB LibClamAV debug: No bytecodes loaded, not running builtin test LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16) LibClamAV debug: Recognized ASCII text LibClamAV debug: cache_check: 05a2384b77e3f26024b761531f6c394a is negative LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0 LibClamAV debug: MiscreantPunch.DocEXEinEPS.Common.CVE-2015-2545.Construct.UNOFFICIAL found LibClamAV debug: FP SIGNATURE: 05a2384b77e3f26024b761531f6c394a:488749:MiscreantPunch.DocEXEinEPS.Common.CVE-2015-2545.Construct.UNOFFICIAL LibClamAV debug: cli_magic_scandesc: returning 1 at line 2541 FL9364.tmp.bin: MiscreantPunch.DocEXEinEPS.Common.CVE-2015-2545.Construct.UNOFFICIAL FOUND LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Freeing phishcheck struct LibClamAV debug: Phishcheck cleaned up

----------- SCAN SUMMARY ----------- Known viruses: 90 Engine version: 0.99 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.46 MB Data read: 0.46 MB (ratio 1.00:1) Time: 0.011 sec (0 m 0 s)

vrtadmin commented 8 years ago

Hey Will,

ClamAV-Users list is a better place for questions.