If sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db doesn't work, try
sigtool --hex-dump [EMAIL PROTECTED] | tee ~/mycustomsignature.db On Tue, 2008-02-19 at 14:30 -0500, jef moskot wrote: > On Tue, 19 Feb 2008, Gomes, Rich wrote: > > So if I am going to trigger on one address (i.e. [EMAIL PROTECTED]) > > my syntax will be: > > > > sigtool --hex-dump [EMAIL PROTECTED] > mycustomsignature.db > > That miiiight work, but the proper format is to have a name for the > signature, so Clam knows what to call it when it sees it. > > Hmmm, actually that doesn't even create the .db file properly for me. > > I'd just use the magic of cut-and-paste. > > Use your favorite text editor to create the mycustomsignature.db file. > Use sigtool in interactive mode to get the hex signature (being sure to > cut off the last 0a, since it will be a line feed)...or use one of the > available online hex translators. > > Then put the name you want to call the signature, an =, and then paste in > the hex (with no spaces in there). > > Note that Clam doesn't fail gracefully when there are database errors, so > make sure everything is working immediately after each change. > > Jeffrey Moskot > System Administrator > [EMAIL PROTECTED] > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
