[clamav-users] Hint for creating signatures

2014-09-08 Thread Hajo Locke
Hello, from http://www.dict.cc/englisch-deutsch/from.html time http://www.dict.cc/englisch-deutsch/time.html to time http://www.dict.cc/englisch-deutsch/time.html I create some signatures from what I found in PHP code of my users. Now I found some malware that worries me. It's obfuscated

Re: [clamav-users] Hint for creating signatures

2014-09-08 Thread Hajo Locke
Hello, sorry for the links to my translator. I thought Thunderbird is removing this when choosing pure-text format. Now it is readable: On 08.09.2014 at 16:04, Hajo Locke wrote: Hello, from time to time I create some signatures from what I found in PHP code of my users. Now I found some

Re: [clamav-users] Hint for creating signatures

2014-09-08 Thread Alain Zidouemba
Hajo, Would you be interested in sharing the signatures you create with the ClamAV community? If so, please check out the process here: http://blog.clamav.net/2014/02/introducing-clamav-community-signatures.html As for signatures for obfuscated PHP, it really does depend on the code you are

[clamav-users] Fwd: Re: clamav-milter: Failed to create temporary file

2014-09-08 Thread Urban Loesch
Hi, the patched version of clamav-milter has been running for 5 days without problems. I can confirm that your patch solved the problem. Thanks and regards Urban Loesch Original Message Subject: Re: [clamav-users] clamav-milter: Failed to create temporary file Date: Thu, 04

Re: [clamav-users] Hint for creating signatures

2014-09-08 Thread Steve Basford
On Mon, September 8, 2014 3:04 pm, Hajo Locke wrote: What should I do now? Is there a trick to find a signature which fits for all samples or I have to create a different signature for every sample? Hi, Tricky :( Copy this into@ not_tested.ndb

Re: [clamav-users] Hint for creating signatures

2014-09-08 Thread Maarten Broekman
Because plugin developers do nutty things, I'd probably combine the two into a single signature to reduce possible false positives, but other than that it looks like those. I've seen non-malicious CMS plugins that use similar obfuscation techniques, though I'm certainly willing to use these as is