q# wrote: > $ echo 'Zip.Empty:0:*:0:0:00000000:0:1:1' > ./local/empty.zmd
Checking the documentation: http://www.clamav.net/doc/latest/signatures.pdf This is the "Extended signature format" Zip.Empty - name of malware 0 - target type: 0 = any file * - offset: * = any 0 - ? 0 - ? 00000000 - ? 0 - ? 1 - ? 1 - ? Your sig doesn't seem to match the published doc format. What does sigtool -i ./local/empty.zmd say? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
