[clamav-users] possible to use clamscan to search for strings in mail?
Alex
alex at pgrocks.com
Wed Mar 6 16:41:58 UTC 2019
Great, thanks!
All I had to do was writing an new.ldb rule with hex patterns to
search for:
Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32
;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09d
d090d09b;d18e32;d0ae32;7576656e616c
and run clamscan:
clamscan -f ~/list -i -d ~/new.ldb
On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote:
> Hello Alex,
>
>
> > We do have a large IMAP ~200GB, and in order to find letters
> > containing specific "keyword",
> > grep is not good because of base64 encoding. So the idea is to
> > look
> > through with antivirus scanner for "virus" inside letters, which
> > is
> > not a virus but a (not sure, may be) "bytecode signature" =
> > "keyword"
> >
> > Sounds good? A link to a howto will be appreciated.
>
> Yes it is possible. Please see the official documentation :
> https://www.clamav.net/documents/creating-signatures-for-clamav
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190306/cf74ab57/attachment.htm>
More information about the clamav-users
mailing list