 |
 | Clamwin and etc AV bypass with gzip archive file. |  |
|
freebyte
|
|
Hi guys.Today i bypassed ClamWin Clamscan with gzip archived file.
First i add Eicat test file in archive. ClamAV is detected. Second.I modify gzip file. 
Response: clamscan(and etc) cant detect this file. Archive is runing) virustotal. https://www.virustotal.com/ru/file/ca11e7673206521a51467a65416dbdc796e85f5bde6e6341e06bbed250c81ae0/analysis/1392558040/[/img] For full tutorial[Azerbaijan] Site is Azeri Language. Clik Yukle+url https://www.boxca.com/crv1wupdh80u/bypass_clamwin_redhatz.org.pdf.html |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
You should tell Clam AV about this--since ClamWin merely uses the scan engine/signature database provided by the Clam AV project. They are the ones that can fix this.
My first thought, however: make sure you have ClamWin set to scan archive files and that the zipped file size is under the ClamWin scan size limit (100 MB, I think--but not many self-respecting new viruses would be in a file that large). My second thought: an unscanned archive file doesn't matter too much unless it contains a virus that is self-executing. If it contains a virus for which ClamWin has a signature, it will be detected when/if it is unzipped into a folder that is later scanned by ClamWin. And... if it meets a virus profile, it will probably be detected by the Clam Sentinel front-end to ClamWin at the moment when it is unzipped to a folder where it can do some damage. Regards, |
|||||||||||
|
|||||||||||||
|
 | Clamwin and etc AV bypass with gzip archive file. | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.