Hello, thank you for your answer. I understand your point, I guess I should simply trust the project repository.

I was asked to check whether I could integrate information coming from https://github.com/fireeye/red_team_tool_countermeasures/blob/master/all-clam.ldb with a pre-existing clamav installation, but I have limited access to the internet so I could not easily add another CustomerDatabase entry. So I asked on the ML if that was gonna become part of the standard repository. I thought that Red Eye could provide the best signatures to identify binary stuff they got leaked.

Yes, I was trying to compare the ldb file content with sigtool --unpack content of daily.cvd and main.cvd

regards
Luca

On Thu, 7 Jan 2021 at 14:47, G.W. Haywood via clamav-users <[email protected]> wrote:

> Hi there,
>
> On Wed, 6 Jan 2021, Luca Sironi via clamav-users wrote:
>
> > How can I crosscheck a .ldb file like the one published from Red Eye
> > with the content of the cvd files I download from clamav?
>
> Please define "crosscheck". If you mean that you want to check that
> two different types of signature store produced by two (or likely
> more) different signature writers contain the same signatures for some
> malware or other, then be aware that both the names of the signatures
> and the signatures themselves are chosen by the writers. There is no
> reason to suppose that two different people will choose the same text
> for the things that they put in their signature stores, so no reason
> why the signatures themselves should be the same, and no reason why
> the names of the signatures should even vaguely resemble each other.
> The signatures may not even use the same methods of comparison with
> the malware. Some signatures will look for things in mail, some for
> things in files. There's more, see the documentation about writing
> signatures on the ClamAV Website.
>
> If you want to check whether the same malware is detected by two or
> more different sets of signatures, then scan a sample of the malware
> with one or other of the signature sets loaded.
>
> > I tried to unpack those with sigtool but the syntax of the cvd is
> > much more clear a signature, a name.
>
> Your problem is not clear. What did you do? Please show the exact
> commands, the resulting output if it is reasonably concise, and why
> you didn't like the result. Did you try simply looking at the files
> with a pager?
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> [email protected]
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

--
http://www.sironi.tk
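Added example, not part of the original messages and not ClamAV or FireEye code: a content-level comparison of two logical-signature (.ldb) files that pairs signatures by identical subsignatures instead of by name, since names are chosen independently by each writer. The function names and both sample signature sets are constructed for illustration; a vendor signature with no match here may still cover malware the stock set detects by other means, which only scanning a sample can show.

```python
import re
import sys

def parse_ldb(text):
    """Return {name: frozenset(subsignatures)} for logical-signature lines.

    Line layout from the ClamAV signature-writing documentation:
    SignatureName;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...
    """
    sigs = {}
    for line in text.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4:
            continue  # blank or incomplete line
        name, _target, _logic, *subsigs = fields
        # Plain hex strings compare case-insensitively; anything else
        # (wildcards, PCRE, modifiers) is kept verbatim.
        sigs[name] = frozenset(
            s.lower() if re.fullmatch(r"[0-9A-Fa-f]+", s) else s
            for s in subsigs if s
        )
    return sigs

def crosscheck(vendor, stock):
    """For each vendor signature, list stock signatures sharing a subsignature."""
    index = {}
    for name, subs in stock.items():
        for sub in subs:
            index.setdefault(sub, set()).add(name)
    return {
        name: sorted(set().union(*(index.get(sub, ()) for sub in subs)))
        for name, subs in vendor.items()
    }

# Constructed sample data, not taken from all-clam.ldb or any .cvd file.
VENDOR_LDB = """\
Constructed.Vendor.Alpha;Engine:81-255,Target:1;0&1;0011223344556677;636f6e7374727563746564
Constructed.Vendor.Beta;Engine:81-255,Target:0;0;6578616d706c652d6f6e6c79
"""
STOCK_LDB = """\
Constructed.Stock.Sample-1;Engine:51-255,Target:1;0;636F6E7374727563746564
Constructed.Stock.Sample-2;Engine:51-255,Target:1;0;8899aabbccddeeff
"""

if __name__ == "__main__":
    # With two paths: the vendor .ldb, then an .ldb extracted by sigtool --unpack.
    if len(sys.argv) == 3:
        vendor_text, stock_text = (open(p, errors="replace").read() for p in sys.argv[1:])
    else:
        vendor_text, stock_text = VENDOR_LDB, STOCK_LDB
    for name, hits in crosscheck(parse_ldb(vendor_text), parse_ldb(stock_text)).items():
        print(name, "->", ", ".join(hits) or "no identical subsignature")
```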
