[clamav-users] need help creating signatures

Al Varnell alvarnell at mac.com
Fri Sep 25 03:00:14 EDT 2015


In order to get feedback you must join the clamav-virusdb mailing-list <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.

Hopefully someone will come along and give you something to work with while you are waiting.

-Al-

On Thu, Sep 24, 2015 at 11:56 PM, Hajo Locke wrote:
> 
> Hello,
> 
> 
> Am 25.09.2015 um 08:32 schrieb Al Varnell:
>> Why not just submit them to the ClamAV signature team so that all of us will benefit from what you’ve found?
> 
> ok, i did create the malware report. in past i submitted some times FP or malware but never got any answer or reaction. So i thought creating signatures by my own is faster.
> I think in this moment this malware is used to send spam on one of our servers.
> 
>> 
>> <http://www.clamav.net/report/report-malware.html>
>> 
>> -Al-
>> 
>> On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote:
>>> Hello,
>>> 
>>> these days we see new type of php-malware.  Malware occurs in many different files, but all expand to same php-malware.
>>> 
>>> for examle here i have 4 files i have found:
>>> http://pastebin.com/TzudTPPt
>>> 
>>> All files expand to something like this and are used to send spam:
>>> http://pastebin.com/jhVRMwpE
>>> 
>>> I dont find big similarities to create one powerful signature. Need help to create one signature. Otherwise i had to create one signature for each file.
>>> Please give me a hint in this case.
>>> 
>>> Thanks,
>>> Hajo
>>> 
>>> 
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>> 
>>> http://www.clamav.net/contact.html#ml
> 
> Hajo
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml

-Al-
-- 
Al Varnell
Mountain View, CA




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20150925/82a19129/attachment.bin>


More information about the clamav-users mailing list