id: clamav-detect

info:
  name: ClamAV Server Detect
  author: pussycat0x
  severity: info
  description: |
    Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
  metadata:
    verified: true
    max-request: 1
    shodan-query: port:3310 product:"ClamAV"
  tags: network,clamav,detect,detection,tcp
tcp:
  - inputs:
      - data: "VERSION"
    host:
      - "{{Hostname}}"
    port: 3310

    matchers:
      - type: regex
        regex:
          - 'ClamAV ([0-9.]+)'

    extractors:
      - type: regex
        regex:
          - "ClamAV ([0-9.]+)"
# digest: 490a00463044022064adc2bd67d99f530ba285b2b8c080838fef8edffedbff7c6c4514f43b130e050220257dbf16a05f0c20656c28f084e9fddbae6425f1823a4b6e4a56c7fa762b7fb5:922c64590222798bb761d5b6d8e72950