[clamav-users] custom signatures wont work :(

krzf83@gmail.com krzf83 at gmail.com
Thu Mar 13 19:44:57 EDT 2014


I've spend on this about 6 hours without any effect. Please help :(
I had it working some time ago but today I've found out that it
stopped working (maybe after one of the clamav updates)

root at sv1 [/root/test]# echo test > test.exe
root at sv1 [/root/test]# cat test.exe
test
root at sv1 [/root/test]# sigtool --md5 test.exe > test.hdb
root at sv1 [/root/test]# clamscan -d test.hdb test.exe
test.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.002 sec (0 m 0 s)


--

root at sv1 [/root/test]# echo test > test.exe
root at sv1 [/root/test]# cat test.exe
test
root at sv1 [/root/test]# printf test|sigtool --hex-dump
74657374
root at sv1 [/root/test]# cat test.ndb
test:0:*:74657374
root at sv1 [/root/test]# clamscan -d test.ndb test.exe
test.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.002 sec (0 m 0 s)

root at sv1 [/root/test]# sigtool --test-sigs=test.ndb test.exe
VIRUS NAME: test
TARGET TYPE: ANY FILE
OFFSET: *
MATCH: ** YES ** (1 match at offset: 0)



More information about the clamav-users mailing list