On Thu, 10 Mar 2005 19:40:54 +0100
Steffen Winther Soerensen <[EMAIL PROTECTED]> wrote:

> I'm using clamav with a messagewall MTA and run freshclam 0.83 to get
> updates of main.cvd & daily.cvd, to convert to messagewall format I

If that software only supports old *.db ClamAV signatures you will miss
recent malware. Also many of the old format signatures will not be
usable since they have been created only against unpacked (de{UPX, FSG,
Petite}ed) data and require libclamav's internal decompressors.

> run a perl script buildpattern.pl, which uses sigtool 0.83 to unpack
> the .cvd files and merge them. 
> 
> I started seeing this in the daily.db since the Daily update 756:
> 
> mh4:/tmp> grep  == daily.db 
> WinREG.Lowzones.A
> (Clam)==530065007400740069006e00670073005c005a006f006e00650073005c003
> 4005d000d000a002200310030003000310022003d00640077006f00720064003a0030
> 0030003000300030003000300033000d000a002200310030003000340022003d00640
> 077006f00720064003a00300030003000300030003000300033000d000a0022003100
> 3200

That's a typo and will be fixed in one of the next updates.

-- 
   oo    .....         Tomasz Kojm <[EMAIL PROTECTED]>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Thu Mar 10 19:49:49 CET 2005
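
A pre-conversion check for the situation in this thread, added here as an example (not code from the thread, from buildpattern.pl or from ClamAV): it lints unpacked *.db lines and flags a doubled `=` like the one in the daily.db entry quoted above. The `Name=HexSignature` layout and the set of wildcard tokens accepted are assumptions, and the sample lines are constructed.

```python
import re

# Assumption: old-style *.db lines are "MalwareName=HexSignature"; the tokens
# below are an assumed subset of ClamAV's hex-signature wildcard syntax.
TOKEN = re.compile(
    r"[0-9a-fA-F]{2}|\?\?|\*"                 # literal byte, any byte, any run
    r"|\{(?:\d+|\d+-\d*|-\d+)\}"              # bounded gap: {n} {n-m} {n-} {-n}
    r"|\((?:[0-9a-fA-F]{2})+(?:\|(?:[0-9a-fA-F]{2})+)*\)"  # alternatives (aa|bb)
)

def check_signature(sig):
    """Return None if sig tokenises cleanly, else a description of the problem."""
    pos = 0
    while pos < len(sig):
        m = TOKEN.match(sig, pos)
        if not m:
            return "invalid signature data at offset %d: %r" % (pos, sig[pos:pos + 8])
        pos = m.end()
    return None

def lint_db(lines):
    """Return [(line_number, problem)] for every malformed entry."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        name, sep, sig = line.partition("=")   # split on the first '=' only
        if not sep:
            problem = "no '=' separator"
        elif sig.startswith("="):
            problem = "doubled '=' separator"  # the typo reported in this thread
        elif not sig:
            problem = "empty signature"
        else:
            problem = check_signature(sig)
        if problem:
            findings.append((n, problem))
    return findings

# Constructed sample input: names and hex strings are made up for this example.
SAMPLE = [
    "Constructed.Good.A (Clam)=4d5a9000??0300{4-8}(aa|bb)ff*cafe\n",
    "Constructed.Typo.B (Clam)==530065007400\n",
    "Constructed.Odd.C (Clam)=4d5a9\n",
    "Constructed.NoSep.D 4d5a90\n",
]
if __name__ == "__main__":
    for lineno, problem in lint_db(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```

Running it over the unpacked files before merging them lets the conversion skip or report a bad entry instead of passing it on to the MTA's pattern file.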

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
