Check this out...I've done it a bunch of times.
It works so good I've been thinking about offering to help generate sigs for the group.
http://www.clamav.net/doc/signatures.pdf
http://www.clamav.net/faq.html
FAQ#10
-----Original Message-----
From: Kevin M. Myer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 11, 2004 8:44 AM
To: [EMAIL PROTECTED]
Subject: [Clamav-users] MyDoom.D - manual signature generation?
Hello,
The ClamAV team did a great job of getting the signature out for MyDoom.A
(SCO.A) virus well before the commercial vendors had signatures. However, yesterday, we started receiving what turns out to be MyDoom.D messages. I submitted a sample at about 9:00AM EST, on 2/10/2004 but am still awaiting a signature to detect MyDoom.D.
My question: I knew there was a new virus on the loose yesterday morning. Is there a way to use a copy of the virus in the wild to generate a temporary signature? I kept watching for updates yesterday but started stripping attachments as a temporary relief measure when I realized how wide spread this had become.
So is there a temporary stop-gap measure that we can employ for signature generation for viruses in the wild?
Thanks,
Kevin
--
Kevin M. Myer
Systems Administrator
Lancaster-Lebanon Intermediate Unit 13
(717) 560-6140
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
--------------------------------------
This email was scanned with mimedefang
AdminAddress: [EMAIL PROTECTED]
--------------------------------------
