Re: [clamav-users] PDF Scanning

Thu, 11 Apr 2019 11:35:33 -0700 

David,

Here is an example :
Create a file pdf.ndb in your clamav signatures directory (usually /var/lib/clamav/) 
In this file put this :
testpdf:10:*:4f70656e416374696f6e*4a617661536372697074

Save the file, and restart Clamav.
Then clamdscan should detect the pdf with "OpenAction" and "Javascript".

More information about creating signatures for Clamav at :
https://www.clamav.net/documents/creating-signatures-for-clamav


Le 11/04/2019 à 19:29, David Hendrick a écrit :

Hi Arnaud,
Could you explain how I do this? If this something I can add to clamd.conf?

Many thanks,
David

-----Original Message-----
From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Arnaud 
Jacques
Sent: Thursday 11 April 2019 18:27
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] PDF Scanning

Hello David,

Le 11/04/2019 à 19:20, David Hendrick a écrit :

Hi there,
Does anyone know if there's a way to have ClamAV detect PDF files that
have items such as "OpenAction" or "JavaScript" or "JS"?

You can do any detection using Clamav.
*But* if you detect PDF containing "OpenAction" and "Javascript" or "JS"
you will have a lot of false positives.

--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
Cordialement / Best regards,

Arnaud Jacques
Gérant de SecuriteInfo.com

Téléphone : +33-(0)3.44.39.76.46
E-mail : a...@securiteinfo.com
Site web : https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom

Securiteinfo.com
La Sécurité Informatique - La Sécurité des Informations.
266, rue de Villers
60123 Bonneuil en Valois


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to