[Community-sigs] Create your own ClamAV signatures with CASC
Alain Zidouemba
azidouemba at sourcefire.com
Thu May 14 12:57:00 EDT 2015
http://blog.clamav.net/2015/05/create-your-own-clamav-signatures-with.html

The ClamAV community is growing and we are receiving more user-generated
ClamAV signatures through our community signatures mailing list
<http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html>.
Thanks to all who have contributed! For those who find the task of writing
your own signatures
<https://github.com/vrtadmin/clamav-devel/raw/master/docs/signatures.pdf>
daunting, we have created something you may be interested in.

To aid users in developing better ClamAV signatures faster, Angel Villegas
created the ClamAV Signature Creator (CASC), an IDA Pro plug-in. A quick
and easy installation into IDA Pro 6.7 or higher (reduced feature set for
IDA Pro 6.6) will have you creating basic ClamAV ndb and ldb signatures in
no time. CASC allows users to select aspects of a sample's disassembly, a
function block, or a set of strings to create a sub-signature. Each
sub-signature can contain user-defined notes to keep track of information
contained within the sub-signature. Once you've selected enough
sub-signatures to get the job done, or until your heart's content, a ClamAV
signature can be created from one or more sub-signatures.

Check out this IDA Pro plug-in on GitHub <https://github.com/vrtadmin/CASC> and
its wiki for documentation <https://github.com/vrtadmin/CASC/wiki>.

- Alain
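
To show what the ndb and ldb signatures mentioned in the message look like once sub-signatures are combined, here is an added example that is not part of the original post and is not CASC's code. The SubSig class, the function names, the signature name and the sample bytes are all constructed for illustration; the field layouts follow the ClamAV signature documentation linked above.

```python
from dataclasses import dataclass

MAX_LDB_SUBSIGS = 64  # ClamAV logical signatures accept at most 64 sub-signatures


@dataclass
class SubSig:
    data: bytes      # bytes selected from the sample (opcodes, a string, ...)
    note: str = ""   # analyst note; kept beside the sub-signature, never emitted


def _check(name, subs):
    # Sanity checks added for this example: the name must not contain the
    # field delimiters, and every sub-signature needs at least one byte.
    if not name or any(c in name for c in ":; \t"):
        raise ValueError("signature name must not contain ':', ';' or whitespace")
    if not subs or any(len(s.data) == 0 for s in subs):
        raise ValueError("at least one non-empty sub-signature is required")


def ndb_signature(name, sub, target=1, offset="*"):
    """Extended (ndb) line: MalwareName:TargetType:Offset:HexSignature."""
    _check(name, [sub])
    return f"{name}:{target}:{offset}:{sub.data.hex()}"


def ldb_signature(name, subs, target=1, require_all=True):
    """Logical (ldb) line: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;..."""
    _check(name, subs)
    if len(subs) > MAX_LDB_SUBSIGS:
        raise ValueError("too many sub-signatures for one logical signature")
    op = "&" if require_all else "|"
    expr = op.join(str(i) for i in range(len(subs)))  # indexes refer to Subsig0..N
    if len(subs) > 1:
        expr = f"({expr})"
    return ";".join([name, f"Target:{target}", expr] + [s.data.hex() for s in subs])


if __name__ == "__main__":
    # Constructed sample data: a common x86 function prologue and an ASCII marker.
    prologue = SubSig(bytes.fromhex("558bec83ec10"), "function prologue")
    marker = SubSig(b"EXAMPLE", "constructed string")
    print(ndb_signature("Example.Constructed.Sample", prologue))
    print(ldb_signature("Example.Constructed.Sample", [prologue, marker]))
```

Target type 1 restricts matching to PE files, and the `*` offset in the ndb line matches anywhere in the file.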