[clamav-users] need help creating signatures

Hajo Locke Hajo.Locke at gmx.de
Fri Sep 25 02:56:32 EDT 2015


Hello,


Am 25.09.2015 um 08:32 schrieb Al Varnell:
> Why not just submit them to the ClamAV signature team so that all of us will benefit from what you’ve found?

ok, i did create the malware report. in past i submitted some times FP 
or malware but never got any answer or reaction. So i thought creating 
signatures by my own is faster.
I think in this moment this malware is used to send spam on one of our 
servers.

>
> <http://www.clamav.net/report/report-malware.html>
>
> -Al-
>
> On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote:
>> Hello,
>>
>> these days we see new type of php-malware.  Malware occurs in many different files, but all expand to same php-malware.
>>
>> for examle here i have 4 files i have found:
>> http://pastebin.com/TzudTPPt
>>
>> All files expand to something like this and are used to send spam:
>> http://pastebin.com/jhVRMwpE
>>
>> I dont find big similarities to create one powerful signature. Need help to create one signature. Otherwise i had to create one signature for each file.
>> Please give me a hint in this case.
>>
>> Thanks,
>> Hajo
>>
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml

Hajo



More information about the clamav-users mailing list