> On Friday 30 September 2005 10:58, [EMAIL PROTECTED] wrote:
> > Hello all,
> >
> > Is there a way to make clam first use the main/daily signatures, and then
> > the custom signatures?
> >
> > As it is now, a custom signature is matched before the main/daily ones,
> > which confuses things for us.
> >
> > Example:
> >   Attachment contains: "this is the body of chris"
> >
> >   main/daily sig:      "this is the body of chris"
> >
> >   custom signature:    "this is the body of"
> >
> > The custom signature will be the matching one. I would like clamav to
> > use the custom signatures after first trying all main/daily ones.
> >
> > If a variant containing "this is the body of mary" comes along,
> > the custom sig should match, which is the point of the sig in the first
> > place - and not to find (by main/daily) already recognized code.
> >
> > Hope I made myself understood... :)
>
> That's strange, as far as I know custom signatures are loaded after main.cvd
> and daily.cvd (in that order).
>
> You can check using clamscan --debug
> Can you report the result of this command ?

These are the results after scanning the same file with, and without, our own
signatures. As you can see, the custom sig takes precedence over the
daily :(

# clamscan --debug j8SLTMPL028926.Mysignature
[...]
LibClamAV debug: Loading /usr/local/clamav/share/clamav/main.cvd
[...]
LibClamAV debug: Loading /usr/local/clamav/share/clamav/daily.cvd
[...]
LibClamAV debug: Loading /usr/local/clamav/share/clamav/my-generic.db
[...]
LibClamAV debug: Recognized Raw mail file
[...]
LibClamAV debug: Mysignature found in descriptor 8.
j8SLTMPL028926.Mysignature: Mysignature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 40398
Engine version: 0.86.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Time: 2.244 sec (0 m 2 s)



# clamscan -d /usr/local/clamav/share/clamav/daily.cvd  --debug \
j8SLTMPL028926.Mysignature

LibClamAV debug: Loading /usr/local/clamav/share/clamav/daily.cvd
[...]
LibClamAV debug: Recognized Raw mail file
[...]
LibClamAV debug: Worm.Mydoom.Gen-1 found in descriptor 8.
j8SLTMPL028926.Mysignature: Worm.Mydoom.Gen-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 769
Engine version: 0.86.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Time: 0.312 sec (0 m 0 s)


//D

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
