[clamav-users] need help creating signatures
alvarnell at mac.com
Fri Sep 25 03:00:14 EDT 2015
In order to get feedback you must join the clamav-virusdb mailing-list <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.
Hopefully someone will come along and give you something to work with while you are waiting.
On Thu, Sep 24, 2015 at 11:56 PM, Hajo Locke wrote:
> Am 25.09.2015 um 08:32 schrieb Al Varnell:
>> Why not just submit them to the ClamAV signature team so that all of us will benefit from what you’ve found?
> ok, i did create the malware report. in past i submitted some times FP or malware but never got any answer or reaction. So i thought creating signatures by my own is faster.
> I think in this moment this malware is used to send spam on one of our servers.
>> On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote:
>>> these days we see new type of php-malware. Malware occurs in many different files, but all expand to same php-malware.
>>> for examle here i have 4 files i have found:
>>> All files expand to something like this and are used to send spam:
>>> I dont find big similarities to create one powerful signature. Need help to create one signature. Otherwise i had to create one signature for each file.
>>> Please give me a hint in this case.
>>> Help us build a comprehensive ClamAV guide:
> Help us build a comprehensive ClamAV guide:
Mountain View, CA
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3569 bytes
Desc: not available
More information about the clamav-users