Hello Markus,

On Thursday 1 September 2005 23:11, Markus Beck wrote:
> Hello Arnaud,
>
> thank you for your fast answer!
>
> On Thu, 1 Sep 2005 18:18:04 +0200
> "Securiteinfo.com" <[EMAIL PROTECTED]> wrote:
> > There are different techniques to create a signature. One is to base
> > the signature on the executable code of the malware. In that
> > way, many different variants (e.g. different IRC channels used in this
> > case) could be caught.
>
> Where can I read about/learn how to do that correctly? I already
> consulted man sigtool, but it does not contain much about its
> background.

Well, to create a ClamAV signature, you can read this first:
http://www.clamav.net/doc/0.86.2/signatures.pdf

For all techniques about sigmaking, you have to be familiar with the PE format, reverse engineering (assembler, debugger...), know how a malware is spreading, etc. I'm sorry, I don't know any documentation explaining all these techniques. I guess experience is your best friend.

--
Regards,
Arnaud Jacques
Security Consultant

Telephone / Fax : +33-(0)3.44.39.76.46
Mobile : +33-(0)6.24.40.95.03
E-mail : [EMAIL PROTECTED]

Securiteinfo.com
IT Security - Information Security.
266, rue de Villers
60123 Bonneuil en Valois

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
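The idea quoted in the thread (a signature on the code rather than on a per-variant string such as the IRC channel), shown as an added example that is not part of the original messages and is not ClamAV's own code. It assumes a simplified Python matcher that handles only the `??`, `*` and `{n}` wildcards of the hex-signature syntax; the sample bytes and signature names are constructed.

```python
import re

def sig_to_regex(hexsig):
    """Compile a subset of ClamAV hex-signature syntax into a bytes regex."""
    out, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":              # '*'   : any number of bytes
            out.append(b".*?")
            i += 1
        elif hexsig[i] == "{":            # '{n}' : exactly n arbitrary bytes
            end = hexsig.index("}", i)
            out.append(b".{%d}" % int(hexsig[i + 1:end]))
            i = end + 1
        elif hexsig[i:i + 2] == "??":     # '??'  : any single byte
            out.append(b".")
            i += 2
        else:                             # two hex digits: one literal byte
            out.append(re.escape(bytes.fromhex(hexsig[i:i + 2])))
            i += 2
    return re.compile(b"".join(out), re.DOTALL)

def load_db(text):
    """Parse 'Name=HexSignature' lines (the basic .db layout)."""
    return [(name, sig_to_regex(sig))
            for name, sig in (ln.split("=", 1) for ln in text.split())]

def scan(data, db):
    """Return the names of all signatures that match the buffer."""
    return [name for name, rx in db if rx.search(data)]

def make_variant(str_addr, channel):
    # Constructed bytes, not a real sample: a short x86-looking stub whose
    # push operand (string address) and trailing channel name vary per build.
    code = (bytes.fromhex("558bec83ec10") + b"\x68" + str_addr +
            bytes.fromhex("e81000000085c07405"))
    return code + b"\x90" * 8 + b"JOIN " + channel + b"\r\n"

VARIANT_A = make_variant(bytes.fromhex("00304000"), b"#chan-one")
VARIANT_B = make_variant(bytes.fromhex("10304000"), b"#other-room")
BENIGN = b"MZ" + b"\x00" * 64 + b"JOIN #help\r\n"

DB = load_db(
    "Example.StringSig=" + b"#chan-one".hex() + "\n"
    "Example.CodeSig=558bec83ec1068????????e8{4}85c074\n"
)

if __name__ == "__main__":
    for label, blob in (("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN)):
        print(label, scan(blob, DB))
```

The string-based signature only matches the variant that uses the original channel name, while the code-based signature, with the build-dependent operand bytes wildcarded, matches both variants and leaves the benign buffer alone.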