> Has anyone created an original signature to add to the virus.db file?
>
> It's a text email (not attachment)... I'm using Amavis w/clamav and it's not
> quite clear to me how to get it done. (sigtool?)
>
> Specifically, I'm wanting to add the Friendgreetings permissive virus to what
> we reject as a virus. Symantec, etc. are not adding it...
>
> Info on the virus at http://www.sarc.com/avcenter/venc/data/friendgreetings.html

It's really simple.
The Friendgreetings description from www:
-=-=-=-=-=-
Subject: %recipient% you have an E-Card from %sender%.
Message:
Greetings!
%sender% has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You
can pickup your E-Card at the FriendGreetings.com by clicking on the link
below.
http:/ /www.friendgreetings.com/pickup/pickup.aspx?<extra content removed>
Message:
------------------------------------------------------------
%recipient%
I sent you a greeting card. Please pick it up.
%sender%
------------------------------------------------------------
-=-=-=-=-=-
We need a unique string, e.g.:

    can pickup your E-Card at the FriendGreetings.com by clicking on the link

and now we need to generate a hex-string from the data:

    echo "can pickup your E-Card at the FriendGreetings.com by clicking on the link" |
        sigtool --hex-dump > my.db
    cp my.db /usr/local/share/clamav

clamscan should be able to detect the virus, clamd needs RELOAD.

Best regards,
Tomasz Kojm
--
oo ..... [EMAIL PROTECTED]
(\/)\......... http://www.konarski.edu.pl/~zolw
\..........._ And don't forget to click on the belly...
//\ /\\ <- C. Amboinensis www.pajacyk.pl
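
Added example, not part of the original message and not ClamAV code: a small Python model of hex-string body signatures, showing how the trailing newline that `echo` appends ties a signature to the mail's line endings. The `name=hex` database line layout, the signature names and the sample message are assumptions constructed for illustration.

```python
PHRASE = "can pickup your E-Card at the FriendGreetings.com by clicking on the link"

def hex_dump(data: bytes) -> str:
    """Hex-encode every input byte, the way a stdin-to-hex dump would."""
    return data.hex()

def load_db(text: str) -> dict:
    """Parse assumed 'name=hex' lines into {name: pattern bytes}."""
    sigs = {}
    for line in text.splitlines():
        name, sep, hex_sig = line.strip().partition("=")
        if not (sep and name and hex_sig):
            raise ValueError(f"malformed signature line: {line!r}")
        sigs[name] = bytes.fromhex(hex_sig)
    return sigs

def scan(message: bytes, sigs: dict) -> list:
    """Return the names of all signatures that occur as a byte substring."""
    return [name for name, pattern in sigs.items() if pattern in message]

# Constructed message body, once with LF and once with CRLF line endings.
BODY_LF = (
    b"Greetings!\n"
    b"Bob has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You\n"
    b"can pickup your E-Card at the FriendGreetings.com by clicking on the link\n"
    b"below.\n"
)
BODY_CRLF = BODY_LF.replace(b"\n", b"\r\n")

# `echo "..."` feeds the phrase plus "\n" to the dump, so the hex ends in 0a.
SIG_WITH_NL = hex_dump((PHRASE + "\n").encode("ascii"))
SIG_EXACT = hex_dump(PHRASE.encode("ascii"))  # what printf '%s' would feed
# Signature names below are constructed placeholders.
DB = load_db(f"Test.WithNewline={SIG_WITH_NL}\nTest.Exact={SIG_EXACT}\n")

if __name__ == "__main__":
    print("LF body:  ", scan(BODY_LF, DB))
    print("CRLF body:", scan(BODY_CRLF, DB))
```

The newline-terminated pattern only matches when the scanned copy of the mail uses bare LF line endings; the exact-phrase pattern matches either form.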