[Clamav-users] clamav - own signatures

From: Andre Hübner <andre.huebner_at_nospam>
Date: Fri Dec 19 2008 - 12:02:59 GMT
To: <clamav-users@lists.clamav.net>

Hello,

sometimes clamav is to rigorous and "kills" some uploaded php-files where no malware can be found. but in this case i want to stop a specific directmailer (spam) with russian origin from being uploaded. File was submitted already but seems not to be included in official malware. Now i did my own signature with:

sigtool --md5 malwarename > malwarename.hdb Now is the question whats the best way to do my own signatures? If i add some whitespace to malware the md5 signature seems to not fit and malware is not found.

Thanks,
Andre

Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml

This message: [ Message body ]
Next message: Sudhakar Marimuthu: "[Clamav-users] 56: Can’t stat input file or directory. File / directory you want to scan doesn’t"
Previous message: Török Edwin: "Re: [Clamav-users] ClamAV 0.94.2 memory leak?"
Next in thread: Török Edwin: "Re: [Clamav-users] clamav - own signatures"
Reply: Török Edwin: "Re: [Clamav-users] clamav - own signatures"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]