[clamav-users] need help creating signatures

Hajo Locke Hajo.Locke at gmx.de
Fri Sep 25 05:10:05 EDT 2015


Hello,

On 25.09.2015 at 09:00, Al Varnell wrote:
> In order to get feedback you must join the clamav-virusdb mailing-list <http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.

But why is a mail address asked for when creating a malware report?

It is not easy to subscribe to the virus-database list. The complete lists.clamav.net
seems to be working only for seconds. Most of the time I got request timeouts.
I think the 10th attempt was successful.

>
> Hopefully someone will come along and give you something to work with while you are waiting.
>
> -Al-
>
> On Thu, Sep 24, 2015 at 11:56 PM, Hajo Locke wrote:
>> Hello,
>>
>>
>> On 25.09.2015 at 08:32, Al Varnell wrote:
>>> Why not just submit them to the ClamAV signature team so that all of us will benefit from what you’ve found?
>> OK, I did create the malware report. In the past I sometimes submitted FPs or malware but never got any answer or reaction. So I thought creating signatures on my own is faster.
>> I think at this moment this malware is being used to send spam on one of our servers.
>>
>>> <http://www.clamav.net/report/report-malware.html>
>>>
>>> -Al-
>>>
>>> On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote:
>>>> Hello,
>>>>
>>>> These days we see a new type of PHP malware. The malware occurs in many different files, but all expand to the same PHP malware.
>>>>
>>>> For example, here I have 4 files I have found:
>>>> http://pastebin.com/TzudTPPt
>>>>
>>>> All files expand to something like this and are used to send spam:
>>>> http://pastebin.com/jhVRMwpE
>>>>
>>>> I don't find big similarities to create one powerful signature. I need help to create one signature. Otherwise I would have to create one signature for each file.
>>>> Please give me a hint in this case.
>>>>
>>>> Thanks,
>>>> Hajo
>>>>
>>>>
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>> Hajo
> -Al-

Hajo



