I have a md5 based signature, winnow.malware.2015, that I created
from a file ./malware/style25.dat-4mmrTv The signature is:
23848f3f080237b7e2d2313496f4c00f:3680:winnow.malware.2015
I can see its in my clam sigs by:
$ sigtool --list-sigs=/usr/local/share/clamav/winnow_malware.hdb |
grep "winnow.malware.2015"
winnow.malware.2015
Yet when I check it clamscan does not detect (using 0.95.3)
$ clamscan ./malware/style25.dat-4mmrTv
./malware/style25.dat-4mmrTv: OK
I even checked my signature using sigtool and my signature matches:
sigtool --md5 ./malware/style25.dat-4mmrTv
23848f3f080237b7e2d2313496f4c00f:3680:./malware/style25.dat-4mmrTv
Any ideas? I have a couple more like this in my DB.
Tom
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
