[clamav-users] ICON_HASH signature for PE files

Irshad meradumpemail at gmail.com
Fri Nov 9 11:45:05 UTC 2018


Hi Steve
This does not solve the problem, I don't know how to calculate the fuzzy
hash  of icon that is used in the signature.

On Nov 9, 2018 5:54 PM, "Steve Basford" <steveb_clamav at sanesecurity.com>
wrote:

>
> On Fri, November 9, 2018 9:00 am, Irshad wrote:
> > Hi,
> >
>
> >
> > My apologies, if I am missing something obvious. I spent around 3 hours
>
> Hi Irshad
>
> Not sure if this will help but there are a few icon based sigs I think in
> the current daily.cvd
>
> So unpack them and then grep for IconG, something like this:
>
> sigtool --unpack-current=daily
> grep "IconG" daily.ldb
>
> You can then see some examples on how they are used.
>
> --
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20181109/6f849320/attachment.htm>


More information about the clamav-users mailing list