This just bit in the behind real good. I'd like to propose a small
change to the signatures.pdf document.
http://www.clamav.net/doc/latest/signatures.pdf
There's an example that reads
z...@localhost:/tmp/test$ sigtool --hex-dump
How do I look in hex?
486f7720646f2049206c6f6f6b20696e206865783f0a
This is a perfect example, but it needs to be noted in the document
that if you are using this to create a snippet of hex-ed HTML as your
signature that you need to strip the "0a" from the end of the encoded
text.
That "0a" is the line feed and it'll more likely than not mess you up
if you try to use that in your signature :) The signature will not
match the text it's being used against (unless, of course, there
really is a line feed in your text)
Perhaps this is understood by people who use this regularly, and
although I'm a smart guy, I'm new to ClamAV and I lost 90 minutes
because of this.
Hitting CTRL-D to exit the sigtool is also possible, but you end up
with something like this on your screen.
#sigtool --hex-dump
How do I look in hex?486f7720646f2049206c6f6f6b20696e206865783f
More usable, but not ideal. :)
Anyway, a cautionary note would be most helpful.
Thanks!
--Joel
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
