[clamav-users] ICON_HASH signature for PE files
Steve Basford
steveb_clamav at sanesecurity.com
Fri Nov 9 09:54:32 UTC 2018
On Fri, November 9, 2018 9:00 am, Irshad wrote:
> Hi,
>
>
> My apologies, if I am missing something obvious. I spent around 3 hours
Hi Irshad
Not sure if this will help but there are a few icon based sigs I think in
the current daily.cvd
So unpack them and then grep for IconG, something like this:
sigtool --unpack-current=daily
grep "IconG" daily.ldb
You can then see some examples on how they are used.
--
Cheers,
Steve
Twitter: @sanesecurity
More information about the clamav-users
mailing list