[Community-sigs] Welcome

Alain Zidouemba azidouemba at sourcefire.com
Tue Feb 25 16:56:29 EST 2014


Thank you for signing up to the new ClamAV signatures contribution mailing
list.

I am looking forward to the first signature submission! Here's material on
how to write ClamAV signatures:

- https://github.com/vrtadmin/clamav-devel/blob/master/.../signatures.pdf
- http://www.clamav.net/doc/webinars/Webinar-Alain-2009-03-04.pdf
- http://vrt-blog.snort.org/2008/09/logical-signatures-in-clamav-094.html

For the more adventurous signature writers, bytecode signatures are also
an option:

- http://vrt-blog.snort.org/2010/09/introduction-to-clamavs-low-level.html
- http://blog.clamav.net/2011/11/bytecode-signatures-for-polymorphic.html


We require that each signature:

- not be a hash-based signature
- be accompanied by an MD5/SHA1/SHA256 for a sample the signature is meant
to detect
- come with a brief description of the threat the signature is trying to
detect and what the signature is looking for

Please DO NOT attach malware to your email. Instead, submit your
sample here <http://www.clamav.net/lang/en/sendvirus/submit-malware/>.

Signatures submitted will be tweaked if necessary in order to conform to
our standards. After the signature passes quality assurance testing, it
will be released with proper attribution unless you prefer not to be
credited.

Thanks,

- Alain


