Guillaume Arcas wrote:
Damian Menscher wrote:


http://www.clamav.net/doc/0.75/signatures.pdf

They removed the functionality in 0.80 and above, but that's because
it's simplest for users to create md5 signatures of unknown binaries
(and the automatic signature generation depended on having another virus
scanner detect it already anyway).  Of course, you can also create
signatures by hand, which isn't that difficult once you've read the .pdf
file for the format.

About the only thing we *can't* do is create a .cvd file that is signed
by the original authors.  But if the project were forked, that would be
trivial to fix also (requires a one-line change to the source code).


What do you mean by "they removed the functionality" ?

sigtool - the command line utility used to create & manipulate
signatures - is still there in 0.83.

As already said, you cannot build CVD files by yourself but you can
create a signature and then create your own database with sigtool and
use these files.

They removed the functionality from the tool, not the tool itself, for two reasons:
(1) The resulting signatures weren't accurate
(2) The use violates the license of most (if not all) commercial scanners


A new method (md5 hashes) was added to clamav and sigmaker to replace the old functionality.

Although (2) was clearly stated in the manual, it was still used by people (but not the sigmakers). Sigmakers always create signatures manually based on the samples they receive.
If someone has the abilities (like x86 assembler, PE format knowledge and other stuff) one can always apply for a sigmaker "job" (or build their own, if they have enough samples).


Thomas

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
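The MD5-hash signatures mentioned in this thread, sketched as an added example that is not part of the original messages and is not ClamAV code. It assumes the `md5:size:name` line layout that `sigtool --md5` emits for `.hdb` files; the sample bytes and the signature name are constructed.

```python
import hashlib

def hdb_line(data: bytes, name: str) -> str:
    """Build one hash-signature line in the assumed md5:size:name layout."""
    if not name or ":" in name:
        raise ValueError("signature name must be non-empty and contain no ':'")
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(text: str) -> dict:
    """Parse signature lines into {(md5, size): name}; skip malformed lines."""
    db = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3:
            continue
        digest, size, name = parts
        if len(digest) != 32 or not size.isdigit():
            continue
        try:
            int(digest, 16)  # reject non-hex digests
        except ValueError:
            continue
        db[(digest.lower(), int(size))] = name
    return db

def match(data: bytes, db: dict):
    """Return the signature name if both MD5 and size match, else None."""
    return db.get((hashlib.md5(data).hexdigest(), len(data)))

# Constructed sample: harmless bytes standing in for an unknown binary.
SAMPLE = b"MZ" + b"\x90" * 64 + b"constructed-test-sample"

def demo():
    db = parse_hdb(hdb_line(SAMPLE, "Local.Test.Sample") + "\nnot-a-signature\n")
    variant = SAMPLE[:-1] + b"X"  # same size, one byte changed
    return match(SAMPLE, db), match(variant, db)

if __name__ == "__main__":
    print(hdb_line(SAMPLE, "Local.Test.Sample"))
    print(demo())
```

A hash signature identifies only the exact file it was computed from: the one-byte variant in `demo()` is not matched, which is why these signatures suit local stop-gap detection of a specific sample rather than a malware family.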
