Hi all,
My very first post :)
Running version: 0.95.2-4
I am attempting to create my own signature and am having a little bit of
trouble. I hope someone can be of some assistance to me.
This will become more complex but I would like to start with this simple
scenario:
I would like to create a signature that will match on 3 words in a file
(these three words could be anywhere in the file, but if all 3 exist in
the same file a positive must be returned), for simplicity let's make
them word1, word2 and word3.
So I have done the following:
# echo word1 | sigtool --hex-dump
776f7264310a
# echo word2 | sigtool --hex-dump
776f7264320a
# echo word3 | sigtool --hex-dump
776f7264330a
Then I have put it into my test.ndb file:
MyVirus:0:*:776f7264310a*776f7264330a*776f7264330a
I then create a test file my_test_file.txt:
word1 word2 word3
I then test to see if the signature works:
clamscan -d test.ndb my_test_file.txt
This unfortunately does not work :(
I then tried to simplify it, and to search for only one word:
# echo word1 | sigtool --hex-dump
776f7264310a
test.ndb file:
MyVirus:0:*:776f7264310a
file my_test_file.txt:
word1
Test:
clamscan -d test.ndb my_test_file.txt
This works!!!
my_test_file.txt: MyVirus.UNOFFICIAL FOUND
But if I then update my_test_file.txt to have other content as well it
does not find it :(
file my_test_file.txt:
The cat sat word1 on the mat
clamscan -d test.ndb my_test_file.txt
my_test_file.txt: OK
As far as I understood, setting the offset to * means that it will look
through the entire file for word1, but it does not seem to be doing this.
Any pointers would be very much appreciated!
Many thanks,
Patric
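
Added example (not part of the original post and not ClamAV code): a simplified Python model of an .ndb hex body with offset * and the * wildcard, run over constructed copies of the test files above. It shows that `echo word1` emits a trailing newline, so the dumped hex ends in 0a and only matches where the word is immediately followed by a line break. The helper names and the trailing newline in each sample file are assumptions.

```python
import re

def hex_dump(data: bytes) -> str:
    """Hex-encode bytes (same digits the post got from `sigtool --hex-dump`)."""
    return data.hex()

def echo(word: str) -> bytes:
    """Bytes that `echo word` writes to the pipe: the word plus a newline."""
    return word.encode() + b"\n"

def ndb_line(name: str, chunks: list) -> str:
    """Build Name:TargetType:Offset:HexSignature with target 0 and offset *."""
    return f"{name}:0:*:" + "*".join(hex_dump(c) for c in chunks)

def matches(ndb: str, content: bytes) -> bool:
    """Simplified model: plain hex plus '*' (any number of bytes), offset * only."""
    _name, _target, offset, body = ndb.strip().split(":", 3)
    if offset != "*":
        raise ValueError("this model only handles offset '*'")
    literals = [re.escape(bytes.fromhex(part)) for part in body.split("*")]
    # The chunks must appear in the order written, with anything between them.
    return re.search(b".*?".join(literals), content, re.DOTALL) is not None

WORDS = ["word1", "word2", "word3"]
SIGS = {
    "echo-1": ndb_line("MyVirus", [echo("word1")]),              # hex ends in 0a
    "bare-1": ndb_line("MyVirus", [b"word1"]),                   # no newline byte
    "echo-3": ndb_line("MyVirus", [echo(w) for w in WORDS]),
    "bare-3": ndb_line("MyVirus", [w.encode() for w in WORDS]),
}
# Constructed copies of the post's test files (trailing newline assumed).
FILES = {
    "one word": b"word1\n",
    "sentence": b"The cat sat word1 on the mat\n",
    "three words": b"word1 word2 word3\n",
}

def scan_all() -> dict:
    """Return {(signature label, file label): matched?} for every pair."""
    return {(s, f): matches(sig, data)
            for s, sig in SIGS.items() for f, data in FILES.items()}

if __name__ == "__main__":
    for label, sig in SIGS.items():
        print(f"{label}: {sig}")
    for (s, f), hit in scan_all().items():
        print(f"{s:7} vs {f:12} -> {'FOUND' if hit else 'OK'}")
```

Separately from the newline, the three-word line in the post uses 776f7264330a (word3) twice and never includes 776f7264320a (word2).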