[clamav-users] possible to use clamscan to search for strings in mail?

Alex alex at pgrocks.com
Wed Mar 6 11:41:58 EST 2019


Great, thanks!

 All I had to do was writing an new.ldb rule with hex patterns to
search for:

Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32
;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09d
d090d09b;d18e32;d0ae32;7576656e616c

 and run clamscan:

clamscan -f ~/list -i -d ~/new.ldb

On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote:
> Hello Alex,
> 
> 
> > We do have a large IMAP ~200GB, and in order to find letters 
> > containing specific "keyword",
> > grep is not good because of base64 encoding. So the idea is to
> > look 
> > through with antivirus scanner for "virus" inside letters, which
> > is 
> > not a virus but a (not sure, may be) "bytecode signature" =
> > "keyword"
> > 
> > Sounds good? A link to a howto will be appreciated.
> 
> Yes it is possible. Please see the official documentation :
> https://www.clamav.net/documents/creating-signatures-for-clamav
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190306/cf74ab57/attachment.html>


More information about the clamav-users mailing list