Hi, You will need to use sigtool to get the signature.
1. Use your third party virus scanning software on the infected file. Note the virus name string being reported 2. Use sigtool with the third party virus scanning program, the infected file and the virus name string. 3. Edit the generated signature file and give it a virus name before the signature starts. See the viruses.db file for the format. 2. The generated signature file can then be placed in the /usr/local/share/clamav directory. e.g. The file crappy.exe is infected with Win32/[EMAIL PROTECTED] as reported by the killvirus anti-virus program The Win32/[EMAIL PROTECTED] is the virus name string as provided by the killvirus program. Running sigtool sigtool -c killvirus -f crappy.exe -s Win32/[EMAIL PROTECTED] The resulting signature file crappy.exe.sig will need to edited in this format to put the name Magistr virus=e9889349539458394593459.............. Move the signature file to the proper location mv crappy.exe.sig /usr/local/share/clamav/magistr.db Your clamscan will now load this new signature database file when scanning. Note the signature file can be quite big but at least you can some protection until the viruses.db get updated. Good Luck Jimmy liu_dan wrote: >users,您好! > how to add a signature which isn’t detected by ClamAV, but is by another > anti-virus scanner working in the console? > > > 致 >礼! > > liu_dan >[EMAIL PROTECTED] > 2003-01-20 > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
