Hello Tomasz, TP> On Tue, 24 Feb 2004 at 11:05:32 +0100, David Girardey wrote: >> >> I'm testing signatures extraction with a 'home-made' virus : I extract >> a piece of a binary file (jpeg file), and put it into a test.virus.db
TP> No. First you must do a hex dump of the binary fragment. It's described TP> in the doc. I use the "by hand" method. My steps are : use the command od -x to view my jpeg file into hex, copy a string of ~50 characters to my .sig, add "Name.Virus (Clam)=" in .sig, rename in .db Is it right ? >> I use the creating signature manual to take a good string (size >> between 40 and 200, etc). >> >> I put this test.virus.db into my database directory (with daily.cvd >> and main.cvd). >> >> I test this signature with this command : >> >> clamscan --mbox /tmp/image.jpg TP> For testing purposes, quicker is using only that test signature: TP> clamscan -d test.virus.db /path/fileforscanning Thanks for your tips ! Regards, -- David Girardey / Agence France Presse mailto:[EMAIL PROTECTED] ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
