Hi there,
On Sun, 25 Apr 2021, Alex via clamav-users wrote:
> ... the clamav instructions for building a signature appear to rely
> on there being an existing file.

If you mean piping a file through 'sigtool' to get a hexadecimal
representation, that's just one way to do it. You can also write
signatures by 'dead reckoning', see

    man ascii

and

    man hexdump

for examples of utilities which might be useful. You're just going to
create regular expressions of a kind, where (unlike the familiar kind)
literal characters are given in hexadecimal instead of as themselves.

    The regex way:  (A|B)C{1,3}\x01
    Signature way:  (41|42)43{1-3}01

There's also the Yara way, which can be more convenient. A couple of
custom Yara rules here deal with quite a few irritating spammers who
might otherwise be tricky to catch reliably.
You might find something to get you started in the existing signatures.
HTH
--
73,
Ged.
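
Added example, not part of the original message and not ClamAV code: a small Python helper that translates a subset of the hex body-signature syntax into a Python bytes regex, so a hand-written signature can be tried against sample bytes before it is loaded into the scanner. The helper names (`lit`, `sig_to_regex`, `ndb_line`), the signature and the sample messages are constructed for illustration; `{n-m}` is treated as a gap of n to m arbitrary bytes, following ClamAV's signature documentation.

```python
import re

# Subset of ClamAV's hex body-signature syntax handled by this helper:
# hex bytes, ?? (any byte), * (any run), {n} {n-m} {-n} {n-} (gaps), (aa|bb).
_TOKEN = re.compile(r"""
    (?P<byte>[0-9a-fA-F]{2})
  | (?P<any>\?\?)
  | (?P<star>\*)
  | (?P<gap>\{(?P<lo>\d*)(?P<dash>-?)(?P<hi>\d*)\})
  | (?P<alt>\((?:[0-9a-fA-F]{2})+(?:\|(?:[0-9a-fA-F]{2})+)*\))
""", re.VERBOSE)

def lit(text):
    """Hex form of a literal string, as you would read it off an ASCII table."""
    return text.encode("latin-1").hex()

def sig_to_regex(hexsig):
    """Translate a hex signature into an equivalent compiled bytes regex."""
    out, pos = [], 0
    while pos < len(hexsig):
        m = _TOKEN.match(hexsig, pos)
        if not m:
            raise ValueError(f"unsupported token at offset {pos}")
        kind = m.lastgroup
        if kind == "byte":
            out.append(re.escape(bytes.fromhex(m["byte"])))
        elif kind in ("any", "star"):
            out.append(b"." if kind == "any" else b".*")
        elif kind == "gap":  # n to m arbitrary bytes, not a repeat count
            lo, dash, hi = m["lo"], m["dash"], m["hi"]
            if not (lo or hi):
                raise ValueError(f"empty gap at offset {pos}")
            out.append(b".{" + (f"{lo},{hi}" if dash else lo).encode() + b"}")
        else:  # alternation: each branch is one or more hex bytes
            branches = m["alt"][1:-1].split("|")
            out.append(b"(?:" + b"|".join(
                re.escape(bytes.fromhex(alt)) for alt in branches) + b")")
        pos = m.end()
    return re.compile(b"".join(out), re.DOTALL)

def ndb_line(name, hexsig, target=0, offset="*"):
    """Format an extended (.ndb) signature line: Name:Target:Offset:HexSig."""
    return f"{name}:{target}:{offset}:{hexsig}"

# Constructed sample: "Click here" or "click here", 1-16 bytes, then fixed text.
SIG = "(43|63)" + lit("lick here") + "{1-16}" + lit("to unsubscribe")
HIT = b"Subject: hi\r\n\r\nClick here NOW to unsubscribe\r\n"  # constructed
MISS = b"click hereto unsubscribe"  # constructed: gap is 0 bytes, so no match
```

`sig_to_regex(SIG).search(HIT)` finds the phrase and `ndb_line("Local.Spam.Unsub", SIG)` gives a line for a local `.ndb` file; the regex is only an approximation for checking your own hex by eye, and the scanner itself is the final test.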