[clamav-users] Detect Signed Malicious Binaries Using .CRB File Signature
meradumpemail at gmail.com
Mon Oct 14 04:34:24 EDT 2019
I have a multiple signed malwares. I want to create detection using the
certificate that is used to sign them. I came across an old blog from
Where the author creates a signature for the revoked certificate and adds
it to .crtdb to detect the signed malicious binary. Recent versions of
ClamAV don't recognize .crtdb file, it seems to be replaced by .crb file.
In the documentation, I found this
The .crb format supports blacklist rule entries, but these cannot currently
be used as a basis for malware detection. Instead, as currently
implemented, these entries just override .crb rules which would otherwise
whitelist a given sample
My question is, Is there any way to detect signed malicious binaries using
signing certificate properties like the author does in the old blog
Thank you :) I am new to ClamAV. Please forgive my ignorance.
Have a nice day, you all. :)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clamav-users