Posted on 2007-09-30
how to use Sigtool.
I found a sample for sigtool, but I cannot understand it.
I know sigtool is used to generate virus signatures; how can I prove it from ClamAV?
Test Data
For the virus to be detected during the testing, the content of the packet sent must match the data in the database directory. Using the ClamAV sigtool, this can be done:
sigtool --unpack-current daily.cvd
Using sigtool, generate the hex for the data to be sent.
Output is 76697275732E3239352E620a
This signature can be stored in the daily.db file in the format below:
MalwareName=HexSignature
using prefixes like DOS, Trojan, Worm etc. for virus names. Example
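
The steps in the quoted sample, as an added Python example that is not part of the original post and is not ClamAV's own code: it hex-encodes the test data, builds a MalwareName=HexSignature line, and checks payloads against it. The name Trojan.Example.Test and the payloads are constructed; only plain hex signatures (no wildcards) are handled.

```python
import binascii

def hex_dump(data: bytes) -> str:
    """Hex-encode raw bytes, the step the sample performs with sigtool."""
    return binascii.hexlify(data).decode("ascii")

def db_line(name: str, data: bytes) -> str:
    """Build one line in the MalwareName=HexSignature format from the post."""
    return f"{name}={hex_dump(data)}"

def parse_db(text: str) -> dict:
    """Parse MalwareName=HexSignature lines into {name: raw bytes}."""
    sigs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        name, hexsig = line.split("=", 1)
        try:
            sigs[name] = bytes.fromhex(hexsig)  # accepts upper and lower case
        except ValueError:
            continue  # wildcard or malformed entry: out of scope here
    return sigs

def scan(payload: bytes, sigs: dict) -> list:
    """Return the names whose byte pattern occurs anywhere in the payload."""
    return [name for name, pat in sigs.items() if pat and pat in payload]

# Hex string exactly as quoted in the post; it decodes to b"virus.295.b\n".
POSTED_HEX = "76697275732E3239352E620a"
TEST_DATA = bytes.fromhex(POSTED_HEX)

# Constructed database content; the signature name is hypothetical.
DB_TEXT = db_line("Trojan.Example.Test", TEST_DATA) + "\n"

def demo():
    sigs = parse_db(DB_TEXT)
    # Constructed packet that carries the test data: detected.
    hit = scan(b"GET / HTTP/1.0\r\n\r\n" + TEST_DATA, sigs)
    # Same text without the trailing newline (the final 0a): not detected,
    # because every byte of the signature must be present in the payload.
    miss = scan(b"virus.295.b", sigs)
    return hit, miss

if __name__ == "__main__":
    print(TEST_DATA, DB_TEXT.strip(), demo())
```

The trailing 0a in the posted hex is a newline, so the data sent during the test has to include it for the signature to match.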