|Main Archive Page > Month Archives > clamav-users archives|
sometimes clamav is to rigorous and "kills" some uploaded php-files where no malware can be found. but in this case i want to stop a specific directmailer (spam) with russian origin from being uploaded. File was submitted already but seems not to be included in official malware. Now i did my own signature with:
sigtool --md5 malwarename > malwarename.hdb Now is the question whats the best way to do my own signatures? If i add some whitespace to malware the md5 signature seems to not fit and malware is not found.