[clamav-users] Difficult malwarefiles - signature too short

Hajo Locke Hajo.Locke at gmx.de
Mon Nov 2 11:25:41 UTC 2015


Hello,


On 02.11.2015 at 11:54, Alain Zidouemba wrote:
> I believe the issue is around
>
> 5d2e{-11}*6973 <6973736574>
>
> Remove the * and try again.

Ahh! Hmm, didn't see this. Works now. Thank you.
Do you think a signature like this is very reliable? It seems to be so 
easy for a PHP programmer to generate an infinite number of malware files 
and so hard to create a fitting signature.

testing_01:0:*:737472746f6c6f776572*5d2e{-11}5d2e{-11}5d2e{-11}5d2e{-11}5d2e*6973736574{-35}6576616c{-10}28247b

>
> -Alain
>
> On Nov 2, 2015, at 5:24 AM, Hajo Locke <Hajo.Locke at gmx.de> wrote:
>
> 5d2e{-11}*6973
>
Thanks,
Hajo
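
The signature from this message, decoded, as an added example that is not part of the original post: it splits the hex body at the `*` and `{...}` wildcards, shows each fixed fragment as ASCII, and flags a wildcard directly followed by another wildcard, the `{-11}*` construct pointed at in the quoted reply. It handles only the token kinds used in this thread; the function names are illustrative.

```python
import re

# Signature line copied from the post (Name:TargetType:Offset:HexSignature).
SIG = ("testing_01:0:*:737472746f6c6f776572*5d2e{-11}5d2e{-11}5d2e{-11}"
       "5d2e{-11}5d2e*6973736574{-35}6576616c{-10}28247b")

# Only the token kinds used in this thread: "*", "{...}" gaps, hex literals.
TOKEN = re.compile(r"(?P<any>\*)|(?P<gap>\{\d*-?\d*\})|(?P<hex>(?:[0-9a-fA-F]{2})+)")


def tokenize(body):
    """Split a hex signature body into (kind, text) tokens."""
    tokens, pos = [], 0
    while pos < len(body):
        m = TOKEN.match(body, pos)
        if m is None:
            raise ValueError(f"unsupported token at offset {pos}: {body[pos:pos + 8]!r}")
        tokens.append((m.lastgroup, m.group()))
        pos = m.end()
    return tokens


def parse_line(line):
    """Split a signature line into name, target type, offset and body tokens."""
    name, target, offset, body = line.split(":", 3)
    return name, target, offset, tokenize(body)


def literals(tokens):
    """Bytes of each fixed fragment, in order."""
    return [bytes.fromhex(text) for kind, text in tokens if kind == "hex"]


def adjacent_wildcards(tokens):
    """Pairs of wildcards with no literal bytes between them."""
    return [(a[1], b[1]) for a, b in zip(tokens, tokens[1:])
            if a[0] != "hex" and b[0] != "hex"]


if __name__ == "__main__":
    name, target, offset, tokens = parse_line(SIG)
    print(f"{name} (target {target}, offset {offset})")
    for kind, text in tokens:
        shown = bytes.fromhex(text).decode("ascii", "replace") if kind == "hex" else ""
        print(f"  {kind:4} {text:22} {shown}")
    # The fragment from the quoted reply: "{-11}" directly followed by "*".
    print(adjacent_wildcards(tokenize("5d2e{-11}*6973")))
```

The fixed fragments decode to `strtolower`, `].` (five times), `isset`, `eval` and `(${`.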
