[clamav-users] ICON_HASH signature for PE files

Steve Basford steveb_clamav at sanesecurity.com
Fri Nov 9 09:54:32 UTC 2018


On Fri, November 9, 2018 9:00 am, Irshad wrote:
> Hi,
>
> My apologies, if I am missing something obvious. I spent around 3 hours

Hi Irshad

Not sure if this will help, but there are a few icon-based sigs, I think, in
the current daily.cvd.

So unpack them and then grep for IconG, something like this:

sigtool --unpack-current=daily
grep "IconG" daily.ldb

You can then see some examples of how they are used.

-- 
Cheers,

Steve
Twitter: @sanesecurity
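
What the grep above surfaces, as an added example that is not part of the original post: a small Python parser that pulls the IconGroup1/IconGroup2 attributes out of the TargetDescriptionBlock of logical signatures (Name;TargetDescriptionBlock;LogicalExpression;Subsig0;...). The sample lines, signature names and group names are constructed for illustration; pass the path of the unpacked daily.ldb to see real entries.

```python
# Added example: list logical signatures (.ldb) that reference icon groups.
import sys
from typing import Dict, Iterable, List, NamedTuple, Optional

class IconSig(NamedTuple):
    name: str
    icon_group1: Optional[str]
    icon_group2: Optional[str]
    target: Optional[str]      # Target:1 means PE files
    expression: str            # logical expression over the subsignatures

def parse_tdb(tdb: str) -> Dict[str, str]:
    """Split a TargetDescriptionBlock like 'Engine:51-255,Target:1' into a dict."""
    attrs = {}
    for item in tdb.split(","):
        key, sep, value = item.partition(":")
        if sep:
            attrs[key.strip()] = value.strip()
    return attrs

def icon_sigs(lines: Iterable[str]) -> List[IconSig]:
    """Return the signatures whose TDB carries IconGroup1 and/or IconGroup2."""
    found = []
    for raw in lines:
        fields = raw.strip().split(";")
        if len(fields) < 4:    # need name, TDB, expression and one subsig
            continue
        attrs = parse_tdb(fields[1])
        g1, g2 = attrs.get("IconGroup1"), attrs.get("IconGroup2")
        if g1 or g2:
            found.append(IconSig(fields[0], g1, g2, attrs.get("Target"), fields[2]))
    return found

# Constructed sample lines, not taken from a real daily.ldb.
SAMPLE_LDB = [
    "Example.Trojan.FakeDoc-1;Engine:51-255,Target:1,IconGroup1:EXAMPLE_DOC;0;4d5a",
    "Example.Trojan.FakePdf-2;Engine:51-255,Target:1,IconGroup1:EXAMPLE_PDF,"
    "IconGroup2:EXAMPLE_SET;0&1;4d5a;50450000",
    "Example.NoIcon-3;Engine:51-255,Target:0;0;deadbeef",
    "Example.Truncated-4;Target:1,IconGroup1:EXAMPLE_DOC",   # malformed, skipped
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            sigs = icon_sigs(fh)
    else:
        sigs = icon_sigs(SAMPLE_LDB)
    for s in sigs:
        print(f"{s.name}\tgroup1={s.icon_group1}\tgroup2={s.icon_group2}\ttarget={s.target}")
```

The group names printed here are the ones to look up in the GROUP1 and GROUP2 columns of the icon signatures (ICONNAME:GROUP1:GROUP2:ICON_HASH) in the unpacked .idb file.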



