On 9/15/05, Joanna Roman [EMAIL PROTECTED] wrote:
Whoever is about to submit the spywares, may I ask
whether those spywares come in via port 80 or port 21
?
95% of the spyware I have dealt with sends out data from itself on one
of 3 channels:
1) 80/tcp
2) 443/tcp
3) 53/tcp or udp
Well I am interested in seeing how this could be done. What is the
documentation I need to start looking at on how to make signatures for
clamav?
On 9/14/05, Dan MacNeil [EMAIL PROTECTED] wrote:
Thomas Hruska wrote:
[asks in a somewhat forceful way that clam detect spyware]
Perhaps you might
On Thu, 15 Sep 2005, Stephen J. Smoogen wrote:
Well I am interested in seeing how this could be done. What is the
documentation I need to start looking at on how to make signatures for
clamav?
http://www.clamav.net/
-
documentation
-
latest
-
signatures.pdf
And this just proves that spending 2 hours actively trying to look for
something... and failing should be just cause for my internet license
to be revoked. Sorry about the obvious question with obvious answer.
On 9/15/05, Jason Englander [EMAIL PROTECTED] wrote:
On Thu, 15 Sep 2005, Stephen J.
--- Christopher X. Candreva [EMAIL PROTECTED]
wrote:
On Mon, 12 Sep 2005, Stephen J. Smoogen wrote:
I am currently looking at doing the same thing. I
have a set of boxes
that I am planning to 'infect' with spyware and
then start making
signatures for them. It is a rather slow process
Thomas Hruska wrote:
[asks in a somewhat forceful way that clam detect spyware]
Perhaps you might offer to pay the clamav group to add the features you
desire.
free is speech not beer.
___
http://lurker.clamav.net/list/clamav-users.html
--- Thomas Hruska [EMAIL PROTECTED] wrote:
Dennis Peterson wrote:
Meanwhile, why don't you create signatures for
known spyware and place
them in your configuration? ClamAV allows this,
you know. If you get good
at it you can share them.
dp
Actually I didn't know that. I was
I think what you're looking for is Spybot Search Destroy.
Google it because I forgot the exact URL. And it's completely
free.
___
http://lurker.clamav.net/list/clamav-users.html
On 9/11/05, Thomas Hruska [EMAIL PROTECTED] wrote:
Thank you but I already know the tool doesn't exist or I wouldn't be
wandering around this forum. Since the tool doesn't exist, I found the
_closest_ possible tool to the tool I am looking for and ClamAV happens
to be that tool. You should
On Mon, 12 Sep 2005, Stephen J. Smoogen wrote:
I am currently looking at doing the same thing. I have a set of boxes
that I am planning to 'infect' with spyware and then start making
signatures for them. It is a rather slow process at the moment..
There doesn't seem to be any reason a
--- Thomas Hruska [EMAIL PROTECTED] wrote:
Aren't there already spyware signatures in ClamAV
database ?
I hate to crosspost, but since it appears no one reads the Win32 list, I
switched my subscription to the main users list.
I've got ClamAV working and that is all good and fine. However, I
looked in the archives of the clamav-users list and saw that still as of
June 2005, ClamAV is completely
On Sep 11, 2005, at 10:07 PM, Thomas Hruska wrote:
I hate to crosspost, but since it appears no one reads the Win32
list, I switched my subscription to the main users list.
I've got ClamAV working and that is all good and fine. However, I
looked in the archives of the clamav-users list
Thomas Hruska said:
I hate to crosspost, but since it appears no one reads the Win32 list, I
switched my subscription to the main users list.
Everything you require can be found at Google. As you observed, ClamAV is
not in the spyware detection business.
dp
Dale Walsh wrote:
What your asking for sounds simple however, how do you establish
detection??
Can't you use the existing signature scanning technology in ClamAV to
identify known spyware vendors? Spyware vendors distribute either
embedded libraries or have specific DLLs or EXEs -
Dennis Peterson wrote:
Thomas Hruska said:
I hate to crosspost, but since it appears no one reads the Win32 list, I
switched my subscription to the main users list.
Everything you require can be found at Google. As you observed, ClamAV is
not in the spyware detection business.
dp
No it
Thomas Hruska said:
Dennis Peterson wrote:
Thomas Hruska said:
I hate to crosspost, but since it appears no one reads the Win32 list, I
switched my subscription to the main users list.
Everything you require can be found at Google. As you observed, ClamAV
is
not in the spyware detection
Dennis Peterson wrote:
Thomas Hruska said:
Dennis Peterson wrote:
Thomas Hruska said:
I hate to crosspost, but since it appears no one reads the Win32 list, I
switched my subscription to the main users list.
Everything you require can be found at Google. As you observed, ClamAV
is
not
Thomas Hruska said:
Dennis Peterson wrote:
Thank you but I already know the tool doesn't exist or I wouldn't be
wandering around this forum. Since the tool doesn't exist, I found the
_closest_ possible tool to the tool I am looking for and ClamAV happens
to be that tool. You should be
Dennis Peterson wrote:
Meanwhile, why don't you create signatures for known spyware and place
them in your configuration? ClamAV allows this, you know. If you get good
at it you can share them.
dp
Actually I didn't know that. I was under the impression that it was
completely central
Which is the status of spyware detection withc clamav?
I searched through viruses.db and could not find signatures for some
samples of spyware.
Previusly, I had some troubles with a sony vaio and tgcmd.exe
(=spyware). I tried to detect it running clamscan via smbmount without
result.
Is it
21 matches
Mail list logo