Re: [clamav-users] possible to use clamscan to search for strings in mail?
Great, thanks! All I had to do was writing an new.ldb rule with hex patterns to search for: Sig1;Target:4;(0|1|2|3|4|5|6|7|8|9|10|11|12);e2e5ede0eb;c2c5cdc0cb;fe32 ;de32;d7c5cec1cc;f7e5eee1ec;c032;e032;d0b2d0b5d0bdd0b0d0bb;d092d095d09d d090d09b;d18e32;d0ae32;7576656e616c and run clamscan: clamscan -f ~/list -i -d ~/new.ldb On Wed, 2019-03-06 at 10:50 +0100, Arnaud Jacques wrote: > Hello Alex, > > > > We do have a large IMAP ~200GB, and in order to find letters > > containing specific "keyword", > > grep is not good because of base64 encoding. So the idea is to > > look > > through with antivirus scanner for "virus" inside letters, which > > is > > not a virus but a (not sure, may be) "bytecode signature" = > > "keyword" > > > > Sounds good? A link to a howto will be appreciated. > > Yes it is possible. Please see the official documentation : > https://www.clamav.net/documents/creating-signatures-for-clamav > ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] possible to use clamscan to search for strings in mail?
Hello Alex, We do have a large IMAP ~200GB, and in order to find letters containing specific "keyword", grep is not good because of base64 encoding. So the idea is to look through with antivirus scanner for "virus" inside letters, which is not a virus but a (not sure, may be) "bytecode signature" = "keyword" Sounds good? A link to a howto will be appreciated. Yes it is possible. Please see the official documentation : https://www.clamav.net/documents/creating-signatures-for-clamav -- Cordialement / Best regards, Arnaud Jacques Gérant de SecuriteInfo.com Téléphone : +33-(0)3.44.39.76.46 E-mail : a...@securiteinfo.com Site web : https://www.securiteinfo.com Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286 Twitter : @SecuriteInfoCom Securiteinfo.com La Sécurité Informatique - La Sécurité des Informations. 266, rue de Villers 60123 Bonneuil en Valois ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] possible to use clamscan to search for strings in mail?
Hi all, is it worth trying? We do have a large IMAP ~200GB, and in order to find letters containing specific "keyword", grep is not good because of base64 encoding. So the idea is to look through with antivirus scanner for "virus" inside letters, which is not a virus but a (not sure, may be) "bytecode signature" = "keyword" Sounds good? A link to a howto will be appreciated. Thanks. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml