Hi there, On Thu, 3 Apr 2008 xue wen wrote:
> I am trying to test the funcationality of ClamAV scanning the binary file. I > have added a signature into the daily.db file, the signature is as follows: > > Worm.Yawen (Clam)=6161616262626363 > > It is actually the string of aaabbbcc. When I add this string into the > binary file, and use the modified daily.db as the database file to scan the > binary file, I cannot get a match of that signature. I have used two methods > to add this string into the binary file: > 1. use cat command to add the string to the end of binary file: #cat 1.txt > >>data.bin, where 1.txt contains aaabbbcc and data.bin is the binary file. > 2. copy the binary file onto Windows and use UltraEdit to open the binary > file, add the string into the file(in the middle, at the beginning and at > the end). > Neither way works... > > If I do the steps above for a text file, I can get the match of the > signature "Worm.Yawen (Clam)=6161616262626363", which is contained in the > text file. > Could please tell me the reason? The reason is that you haven't read the documentation. And apparently when you edited the file in your step 2 you did it with your eyes shut. What on Earth makes you think you can modify a database file in that way without breaking it? http://www.clamav.org/doc/latest/signatures.pdf -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html