[clamav-users] ICON_HASH signature for PE files
Irshad
meradumpemail at gmail.com
Fri Nov 9 09:00:23 UTC 2018
Hi,
I have a bunch of PE files for which I need to create the ICON_HAHS based
signatures, In documentation, here
<https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual/Signatures.md#icon-signatures-for-pe-files>,
it says
The ICON_HASH field can be obtained from the debug output of libclamav.
I have ran the clamscan on PE files with --debug flag but there is no field
named ICON_HASH in output.
I am also confused about the purpose of IconGroup1 or IconGroup2 and how I
need to define them in .idb file.
My apologies, if I am missing something obvious. I spent around 3 hours to
find an answer about this before sending this email.
Thank you all.
Regards,
Irshad Muhammad.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181109/76f90186/attachment.htm>
More information about the clamav-users
mailing list