Hi there,

On Wed, 6 Jan 2021, Luca Sironi via clamav-users wrote:

> How can I crosscheck a .ldb file like the one published from Red Eye with the content of the cvd files I download from clamav?

Please define "crosscheck".

If you mean that you want to check that two different types of signature store produced by two (or likely more) different signature writers contain the same signatures for some malware or other, then be aware that both the names of the signatures and the signatures themselves are chosen by the writers. There is no reason to suppose that two different people will choose the same text for the things that they put in their signature stores, so no reason why the signatures themselves should be the same, and no reason why the names of the signatures should even vaguely resemble each other. The signatures may not even use the same methods of comparison with the malware. Some signatures will look for things in mail, some for things in files. There's more, see the documentation about writing signatures on the ClamAV Website.

If you want to check whether the same malware is detected by two or more different sets of signatures, then scan a sample of the malware with one or other of the signature sets loaded.

> I tried to unpack those with sigtool but the syntax of the cvd is much more clear: a signature, a name.

Your problem is not clear. What did you do? Please show the exact commands, the resulting output if it is reasonably concise, and why you didn't like the result. Did you try simply looking at the files with a pager?

-- 
73, Ged.
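
An added example, not part of the original thread: a textual crosscheck of a third-party .ldb file against signatures unpacked from a CVD, showing that names need not match even when a byte pattern does. The field layouts are assumed from the ClamAV signature-writing documentation, and every signature name and pattern below is constructed for illustration.

```python
def normalize(subsig):
    """Reduce a subsignature to its bare pattern so two files can be compared."""
    body = subsig.split("::", 1)[0]        # drop modifiers such as ::i
    if "/" not in body and ":" in body:    # hex subsig with an offset prefix
        body = body.rsplit(":", 1)[1]
    return body.lower()

def parse_ldb(text):
    """Assumed layout: Name;TargetDescriptionBlock;LogicalExpression;Subsig0;..."""
    sigs = {}
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) >= 4 and not fields[0].startswith("#"):
            sigs[fields[0]] = {normalize(s) for s in fields[3:]}
    return sigs

def parse_ndb(text):
    """Assumed layout: Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]]"""
    sigs = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and not fields[0].startswith("#"):
            sigs[fields[0]] = {fields[3].lower()}
    return sigs

def crosscheck(third_party, official):
    """Return (names present in both, {third-party name: official names sharing a pattern})."""
    same_name = set(third_party) & set(official)
    shared = {}
    for name, bodies in third_party.items():
        hits = {o for o, ob in official.items() if bodies & ob}
        if hits:
            shared[name] = hits
    return same_name, shared

# Constructed sample data (not real vendor or ClamAV signatures).
VENDOR_LDB = """Vendor.Tool.A;Engine:51-255,Target:1;0&1;41424344;45464748::i
Vendor.Tool.B;Target:0;0;0:cafebabe"""
OFFICIAL_NDB = "Win.Test.Example-1:1:*:41424344"
OFFICIAL_LDB = "Win.Test.Other-2;Target:0;0;deadbeef"

def demo():
    official = {**parse_ndb(OFFICIAL_NDB), **parse_ldb(OFFICIAL_LDB)}
    return crosscheck(parse_ldb(VENDOR_LDB), official)

if __name__ == "__main__":
    same_name, shared = demo()
    print("same names:", same_name)
    print("shared patterns:", shared)
```

A shared pattern only shows textual overlap; whether both signature sets detect the same malware is still settled by scanning a sample with each set loaded.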
