--- Tomasz Kojm <[EMAIL PROTECTED]> wrote:
> On Wed, 6 Apr 2005 05:14:36 -0700 (PDT)
> Joanna Roman <[EMAIL PROTECTED]> wrote:
>
> > My question is can you just run sigtool over the
> whole
> > file and use the md5 result as the virus signature
> ?
>
> Yes you can but it won't work accurately if the
> target file even simply
> changes (e.g. by adding some foo bytes after the
> last section).
>
> --
> oo ..... Tomasz Kojm
> <[EMAIL PROTECTED]>
> (\/)\.........
> http://www.ClamAV.net/gpg/tkojm.gpg
> \..........._
> 0DCA5A08407D5288279DB43454822DC8985A444B
> //\ /\ Wed Apr 6 14:18:07
> CEST 2005
> > _______________________________________________
> http://lurker.clamav.net/list/clamav-users.html
>
So again, back to my original Q. Give an file
suspected with viruses, how do you know which portion
of the file to extract a virus signature from. I think
it would be great if the clamav team can put up some
kind of tutorial that teaches that.
And assuming you know what and where to extract the
signatures, do the current sig tools allow you to
extract the md5 sig/virus signature of certain portion
of any file ?
__________________________________
Do you Yahoo!?
Yahoo! Sports - Sign up for Fantasy Baseball.
http://baseball.fantasysports.yahoo.com/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
