[clamav-users] ICON_HASH signature for PE files

Steve Basford steveb_clamav at sanesecurity.com
Fri Nov 9 09:54:32 UTC 2018

On Fri, November 9, 2018 9:00 am, Irshad wrote:
> Hi,

> My apologies, if I am missing something obvious. I spent around 3 hours

Hi Irshad

Not sure if this will help but there are a few icon based sigs I think in
the current daily.cvd

So unpack them and then grep for IconG, something like this:

sigtool --unpack-current=daily
grep "IconG" daily.ldb

You can then see some examples on how they are used.


Twitter: @sanesecurity

More information about the clamav-users mailing list