I think you will find that you file is too small, try making the file larger than 6 bytes.
Tom On Thu, Mar 13, 2014 at 6:44 PM, [email protected] <[email protected]> wrote: > I've spend on this about 6 hours without any effect. Please help :( > I had it working some time ago but today I've found out that it > stopped working (maybe after one of the clamav updates) > > root@sv1 [/root/test]# echo test > test.exe > root@sv1 [/root/test]# cat test.exe > test > root@sv1 [/root/test]# sigtool --md5 test.exe > test.hdb > root@sv1 [/root/test]# clamscan -d test.hdb test.exe > test.exe: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 1 > Engine version: 0.98.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.00 MB > Data read: 0.00 MB (ratio 0.00:1) > Time: 0.002 sec (0 m 0 s) > > > -- > > root@sv1 [/root/test]# echo test > test.exe > root@sv1 [/root/test]# cat test.exe > test > root@sv1 [/root/test]# printf test|sigtool --hex-dump > 74657374 > root@sv1 [/root/test]# cat test.ndb > test:0:*:74657374 > root@sv1 [/root/test]# clamscan -d test.ndb test.exe > test.exe: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 1 > Engine version: 0.98.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.00 MB > Data read: 0.00 MB (ratio 0.00:1) > Time: 0.002 sec (0 m 0 s) > > root@sv1 [/root/test]# sigtool --test-sigs=test.ndb test.exe > VIRUS NAME: test > TARGET TYPE: ANY FILE > OFFSET: * > MATCH: ** YES ** (1 match at offset: 0) > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml > -- Senior Research Engineer SourceFire Vulnerability Research Team _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
