[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1970
  • Last Modified:

Sigtool clamav

how to use Sigtool.
I found a sample for sigtool. but I cannot understand.
I know sigtool is used to generate virus signature , how can I prove it from clamav.

Test Data For the virus to be detected during the testing, the content of packet sent must match the data in the database directory. using the ClamAV sigtool this can be done

  sigtool --unpack-current daily.cvd
using sigtool generate the hex for the data to be sent

  sigtool --hex-dump
  virus.295.b
  output is 76697275732E3239352E620a
This signature can be stored in daily.db file in the format below

MalwareName=HexSignature using prefixes like DOS, Trojan, Worm etc for virus names. Example

     DOS.vs.295b (Clam)=76697275732E3239352E62
0
llvllar1on
Asked:
llvllar1on
1 Solution
 
yasserdCommented:
Hi,

Consult this file:

http://www.clamav.org/doc/latest/signatures.pdf

Regards,
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now