On Sat, Feb 19, 2005 at 09:07:05PM +0100, q# wrote:
[...]
> So I want to create those sigs but my skillindex is at 0% level :/ Can
> users who have experience with catching and creating malware sigs point
> me to useful docs/tools?

From Google:
http://www.antionline.com/showthread.php?s=&threadid=262455
http://clamav.net/doc/0.75/signatures.pdf
http://clamav.net/doc/0.83/signatures.pdf

The above PDFs differ; both have useful info.

> I started .HDB (md5) sigs but not all malware could be caught this
> way. My biggest problem is how to catch evil code inside a binary
> file.

http://hns.at.kubek.eu.org/pub/ftp/viruses/

In `./local/' you can find my `local.hdb' file, which is created from
separate ./done-clamav-?/*.hdb sigs. Those single sigs are against
malware with similar name and .vir extension in `./done-*' dirs.

Comments are welcome.

-- 
best regards
q#
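
An added example, not part of the original message or of ClamAV: it builds one `MD5:Size:Name` entry per `.vir` sample, merges the per-sample `.hdb` files into a single `local.hdb` in the layout the message describes, and shows that a hash entry matches only a byte-identical file. The sample contents and names (`Test.Sample-A`, `Test.Sample-B`) and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hdb_line(path):
    """Return one .hdb entry (MD5:Size:Name) for a sample file, named after the file."""
    data = path.read_bytes()
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{path.stem}"

def merge_hdb(sig_files):
    """Merge per-sample .hdb files, dropping malformed lines and duplicate hash/size pairs."""
    seen, merged = set(), []
    for sig_file in sorted(sig_files):
        for line in sig_file.read_text().splitlines():
            parts = line.strip().split(":")
            if len(parts) != 3 or len(parts[0]) != 32 or not parts[1].isdigit():
                continue  # skip blank or malformed entries
            key = (parts[0].lower(), parts[1])
            if key not in seen:
                seen.add(key)
                merged.append(f"{key[0]}:{key[1]}:{parts[2]}")
    return merged

def match(data, sigs):
    """Return the signature name if data matches an entry exactly, else None."""
    digest, size = hashlib.md5(data).hexdigest(), str(len(data))
    for line in sigs:
        h, s, name = line.split(":")
        if (h, s) == (digest, size):
            return name
    return None

def demo():
    """Build sigs for constructed, harmless samples, merge them, and test matching."""
    samples = {"Test.Sample-A": b"constructed sample A\n", "Test.Sample-B": b"constructed sample B\n"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i, (name, body) in enumerate(samples.items(), 1):
            d = root / f"done-clamav-{i}"  # assumed layout: one dir per batch of samples
            d.mkdir()
            (d / f"{name}.vir").write_bytes(body)
            (d / f"{name}.hdb").write_text(hdb_line(d / f"{name}.vir") + "\n")
        local = merge_hdb(root.glob("done-clamav-?/*.hdb"))
        (root / "local.hdb").write_text("\n".join(local) + "\n")
    # Same bytes match; the same sample with one extra byte does not.
    return local, match(samples["Test.Sample-A"], local), match(samples["Test.Sample-A"] + b"\x00", local)

if __name__ == "__main__":
    print(demo())
```

The second lookup returning no match is the limitation the quoted text runs into: a whole-file hash entry identifies one exact file, so variants need the content-based signatures covered in the linked signatures.pdf.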