Hey guys, I've tested two types of rootkits with ClamAV: Adore-ng (kernel level) & Mafix (application level).

Well, the viruses implanted by Mafix were completely detected:

/usr/bin/md5sum: Unix.Malware.Agent-6005569-0 FOUND
/usr/bin/find: Win.Trojan.U-110 FOUND
/usr/bin/pstree: Win.Trojan.Rootkit-5 FOUND
/usr/bin/dir: Unix.Malware.Agent-1393952 FOUND
/bin/ls: Unix.Malware.Agent-1393952 FOUND
/sbin/ifconfig: Unix.Malware.Agent-1696070 FOUND
/sbin/ttyload: Heuristics.Broken.Executable FOUND
/sbin/ttymon: Win.Trojan.Linux-29 FOUND

But when I tested with Adore-ng, nothing was detected. Then I tested it with ESET (an anti-virus product) and it was detected. The virus name detected by ESET was "a variant of Linux/Rootkit.Adore.B Trojan".

So I wonder: can ClamAV detect LKM rootkits? Or would you mind telling me where I can find the list of viruses that ClamAV can detect?

Thank you,
Zhuang
