Re: [clamav-users] ICON_HASH signature for PE files

2018-11-09 Thread Micah Snyder (micasnyd)
Steve, Irshad, I put this together from just a little research reading the documentation, examining the `clamscan --debug` output, and examining existing signatures in `daily.idb` and `daily.ldb`. Someone call me out if the details aren't 100% correct. I'm relatively inexperienced with writing

Re: [clamav-users] ICON_HASH signature for PE files

2018-11-09 Thread Irshad
Hi Steve,
This does not solve the problem. I don't know how to calculate the fuzzy hash of the icon that is used in the signature.
On Nov 9, 2018 5:54 PM, "Steve Basford" wrote:
> On Fri, November 9, 2018 9:00 am, Irshad wrote:
> > Hi,
> >
> > My apologies, if I am missing something

Re: [clamav-users] ICON_HASH signature for PE files

2018-11-09 Thread Steve Basford
On Fri, November 9, 2018 9:00 am, Irshad wrote:
> Hi,
>
> My apologies, if I am missing something obvious. I spent around 3 hours
Hi Irshad,
Not sure if this will help, but there are a few icon-based sigs, I think, in the current daily.cvd. So unpack them and then grep for IconG, something like

[clamav-users] ICON_HASH signature for PE files

2018-11-09 Thread Irshad
Hi, I have a bunch of PE files for which I need to create the ICON_HASH-based signatures. In the documentation, here, it says: The ICON_HASH field can be obtained from the debug