Hi everybody! Does anybody know how to create a *.hdb or *.ndb signature file to catch some patterns like iframe tags, JavaScript, and other malicious code in an HTML file? I tried following the signatures.pdf guide, creating the *.hdb file with sigtool --md5 iframe-test.html > iframe.hdb, after having normalised the HTML code in the HTML page with sigtool --html-normalise iframe.html, but the virus is found only if there's no other HTML code in the file than the iframe I put in as the virus.
I also tried with hex-dump, creating a *.ndb signature, but no luck. Any help would be appreciated. Thanks :)
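The behaviour described in this post, as an added example that is not part of the original message and is not ClamAV code: a *.hdb entry (MD5:Size:Name) hashes the whole file, so it stops matching once any other HTML surrounds the iframe, while a *.ndb entry (Name:TargetType:Offset:HexSignature, target type 3 for normalised HTML) matches a byte pattern anywhere in the file. The sample HTML, the signature name Test.Iframe and the simplified matchers are assumptions made for illustration.

```python
import hashlib

# Constructed sample data. The marker is written in lower case, as a rough
# stand-in for normalised HTML (assumption); with ClamAV, take the pattern
# from the output of sigtool --html-normalise instead.
IFRAME = b'<iframe src="http://example.invalid/x" width=0 height=0></iframe>'
PAGE = b"<html><body><p>hello</p>" + IFRAME + b"</body></html>"


def hdb_line(data: bytes, name: str) -> str:
    """Whole-file hash signature in *.hdb layout: MD5:Size:Name."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def ndb_line(pattern: bytes, name: str, target: int = 3, offset: str = "*") -> str:
    """Body signature in *.ndb layout: Name:TargetType:Offset:HexSignature.
    Target type 3 is normalised HTML; offset '*' means any position."""
    return f"{name}:{target}:{offset}:{pattern.hex()}"


def hdb_matches(line: str, data: bytes) -> bool:
    """A hash signature matches only a byte-for-byte identical file."""
    digest, size, _name = line.split(":")
    return int(size) == len(data) and hashlib.md5(data).hexdigest() == digest


def ndb_matches(line: str, data: bytes) -> bool:
    """Simplified matcher (hypothetical helper): plain hex and offset '*'
    only, no wildcards, no HTML normalisation."""
    _name, _target, offset, hexsig = line.split(":")
    if offset != "*":
        raise ValueError("only the '*' offset is handled in this sketch")
    return bytes.fromhex(hexsig) in data


if __name__ == "__main__":
    hdb = hdb_line(IFRAME, "Test.Iframe")
    ndb = ndb_line(IFRAME, "Test.Iframe")
    print(hdb)
    print(ndb)
    print("hdb vs iframe-only file:", hdb_matches(hdb, IFRAME))
    print("hdb vs full page:       ", hdb_matches(hdb, PAGE))
    print("ndb vs full page:       ", ndb_matches(ndb, PAGE))
```
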