ClamAV will detect all forms of malware on all platforms that it is aware of. Thousands of samples of existing malware are received by them daily from a variety of sources, none more valuable than users like you.
Please submit Adore-ng to <http://www.clamav.net/reports/malware>. Sent from my iPad -Al- On Dec 3, 2018, at 19:32, zhuangxiaohui wrote: > Hey guys, > > I've tested two types of rootkits with ClamAV. > Adore-ng(kernel level) & Mafix(application level) > > Well, virus implanted by Mafix were completedly detected : > /usr/bin/md5sum: Unix.Malware.Agent-6005569-0 FOUND > /usr/bin/find: Win.Trojan.U-110 FOUND > /usr/bin/pstree: Win.Trojan.Rootkit-5 FOUND > /usr/bin/dir: Unix.Malware.Agent-1393952 FOUND > /bin/ls: Unix.Malware.Agent-1393952 FOUND > /sbin/ifconfig: Unix.Malware.Agent-1696070 FOUND > /sbin/ttyload: Heuristics.Broken.Executable FOUND > /sbin/ttymon: Win.Trojan.Linux-29 FOUND > > But when I tested with Adore-ng, nothing was detected. > And then I tested it with ESET(one of anti-virus soft) and was detected. > The virus name detected by ESET was "a variant of Linux/Rootkit.Adore.B > Trojan" > > So I wonder can ClamAV detect LKM rootkits? > Or would you mind to tell me where can I find the virus list that ClamAV can > detected? > > Thank you, > Zhuang
_______________________________________________ clamav-users mailing list [email protected] http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
