[clamav-users] ICON_HASH signature for PE files

Irshad meradumpemail at gmail.com
Fri Nov 9 09:00:23 UTC 2018


Hi,

I have a bunch of PE files for which I need to create the ICON_HAHS based
signatures, In documentation, here
<https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual/Signatures.md#icon-signatures-for-pe-files>,
it says

The ICON_HASH field can be obtained from the debug output of libclamav.

I have ran the clamscan on PE files with --debug flag but there is no field
named ICON_HASH in output.
I am also confused about the purpose of IconGroup1 or IconGroup2  and how I
need to define them in .idb file.

My apologies, if I am missing something obvious. I spent around 3 hours to
find an answer about this before sending this email.

Thank you all.

Regards,
Irshad Muhammad.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181109/76f90186/attachment.htm>


More information about the clamav-users mailing list