On Tue, 19 Feb 2008, Gomes, Rich wrote: > So if I am going to trigger on one address (i.e. [EMAIL PROTECTED]) > my syntax will be: > > sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db
That miiiight work, but the proper format is to have a name for the signature, so Clam knows what to call it when it sees it. Hmmm, actually that doesn't even create the .db file properly for me. I'd just use the magic of cut-and-paste. Use your favorite text editor to create the mycustomsignature.db file. Use sigtool in interactive mode to get the hex signature (being sure to cut off the last 0a, since it will be a line feed)...or use one of the available online hex translators. Then put the name you want to call the signature, an =, and then paste in the hex (with no spaces in there). Note that Clam doesn't fail gracefully when there are database errors, so make sure everything is working immediately after each change. Jeffrey Moskot System Administrator [EMAIL PROTECTED] _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
