[clamav-users] Custom database
Al Varnell
alvarnell at mac.com
Fri May 5 08:28:32 UTC 2017
From "signatures.pdf" para 3.1.3:
> The easiest way to generate MD5 based section signatures is to extract target PE sections into separate files and then run sigtool with the option --mdb
-Al-
On Fri, May 05, 2017 at 12:47 AM, Abdullah AL-Mutairy wrote:
>
> Hello everyone!
>
> I'm having a trouble with custom databases.
> I have 600 malware samples stored in "/Downloads/exe" and used sigtool to create a signature database that only contain signatures of those 600 malware samples, so i navigated the command line to point to /Downloads/exe and then did this:
>
> $ sigtool --mdb * > home/test/Documents/CustomDB.mdb
>
> But when i do clamscan and let clam use this database it does not detect any malware sample! I did the following:
>
> /Downloads/exe$ clamscan -r -d /home/teat/Documents/CustomDB.mdb
>
> Clamav did not identify any thing! I don't know why!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3569 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20170505/54476538/attachment.bin>
More information about the clamav-users
mailing list