On Tue, 24 Feb 2004 at 15:46:18 +0100, David Girardey wrote:

> >> I'm testing signatures extraction with a 'home-made' virus : I extract
> >> a piece of a binary file (jpeg file), and put it into a test.virus.db
>
> TP> No. First you must do a hex dump of the binary fragment. It's described
> TP> in the doc.
>
> I use the "by hand" method.

Good.

> My steps are :
> use the command od -x to view my jpeg file into hex,
> copy a string of ~50 characters to my .sig,
> add "Name.Virus (Clam)=" in .sig,
> rename in .db
>
> Is it right ?

Well, it depends on what you do with the 'od -x' output.
Its format is like the following:

0000000 5a4d 0050 0002 0000 0004 000f ffff 0000
0000020 00b8 2004 0000 0000 0040 001a 0000 0000

while signature must be formed with continuous string of hex chars, like
5a4d0050000200000004 etc.

Also, be cautious not to insert any "foreign" chars like newlines, EOFs.

If it still doesn't work, you must be doing some mistake :-).

-- 
Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
[EMAIL PROTECTED]   http://www.lodz.tpsa.pl/    | ones and zeros.
[EMAIL PROTECTED]   http://www.ClamAV.net/      A GPL virus scanner

_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
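Added example, not part of the original message: shell helpers that produce the continuous hex string for a signature line directly from the file, plus a converter for pasted 'od -x' output. The function names are hypothetical, and the converter assumes the dump was made on a little-endian host, where 'od -x' prints each 16-bit word with its two bytes swapped relative to file order.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not ClamAV tooling.

# Print LENGTH bytes of FILE starting at OFFSET as one continuous hex string
# in file byte order. -An drops the offset column, -v stops od from folding
# repeated lines into "*", -tx1 prints single bytes so nothing is swapped.
hex_fragment() {   # usage: hex_fragment FILE OFFSET LENGTH
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Convert pasted `od -x` text (stdin) into a continuous hex string.
# Assumption: little-endian host, so the word "5a4d" is bytes 4d 5a on disk.
# Field 1 is the offset column and is skipped; an odd-length dump would carry
# one padding byte in its last word, which this does not remove.
odx_to_hex() {
    awk '{ for (i = 2; i <= NF; i++)
               printf "%s%s", substr($i, 3, 2), substr($i, 1, 2) }'
}

# Succeed only for a non-empty, even-length string of hex digits, which
# rejects the "foreign" characters (spaces, newlines) the reply warns about.
is_clean_hex() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# Emit one "Name=hexstring" line as used in the thread's .db file.
# Fails (empty hex) if the file is unreadable or the range is empty.
make_sig() {       # usage: make_sig NAME FILE OFFSET LENGTH
    hex=$(hex_fragment "$2" "$3" "$4")
    is_clean_hex "$hex" || return 1
    printf '%s=%s\n' "$1" "$hex"
}

# Demo on the two `od -x` lines quoted in the message above.
sample='0000000 5a4d 0050 0002 0000 0004 000f ffff 0000
0000020 00b8 2004 0000 0000 0040 001a 0000 0000'
printf '%s\n' "$sample" | odx_to_hex
echo
```

Using 'od -tx1' (or the converter) keeps the signature in the same byte order the scanner sees in the file, whatever the word order of the dump that was pasted.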
