You can build your own definitions and it is quite easy, actually. http://www.clamav.net/doc/latest/signatures.pdf

On Wed, Dec 24, 2008 at 7:15 AM, Plamen Vassilev <plamen.vassi...@gmail.com> wrote:

> Hello list,
>
> Although I've been subscribed to this list from Nov 2006, I have not seen a
> clear explanation about the process that takes place from virus sample
> submission to the moment that virus definition takes place into the official
> virusdb and clamscan starts actually detecting the submitted malware. The
> reason for this post is that I submitted several files a few weeks ago, of
> what seems to be a rootkit. Namely the files:
> soxpeca.exe
> noytcyr.exe
> tdydowkc.exe
> roytctm.exe
> mabidwe.exe
> and
> afisicx.exe
> Googling for all of them returns results firmly pointing at malware origin.
> For example here[0] is a discussion started from an infected person, trying
> to clean his windows 2003 server. To this day clamscan does not detect any
> of these infections. I do not want this to go out as a rant, rather I would
> like to know - what can I personally do to speed up the process of detection
> for this (and future) malware besides just reporting and submitting it? Some
> premature analysis for example? And in this particular case, if clamscan
> will not detect these threats, can I build my own virus definitions that
> detect those infections and merge them with clamav ones? Maybe there was
> such a discussion and I've overlooked it? Any pointers will be much
> appreciated, and sorry for any bad wording - I am not a native English
> speaker.
>
> [0]
> http://www.geekstogo.com/forum/Rootkit-Trojan-soxpeca-madibwe-noytcyr-roytctm-afisicx-tdydowkc-t220440.html
>
> --
> regards
> Plamen Vassilev
> Software Engineer & System Administrator
>
> Bulgaria, Varna
> T: +359 5105 4155
> C: +359 899 989647
> ICQ: 73027127
> Skype: plamen.vassilev
> E: plamen.vassi...@gmail.com
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

--
http://www.volatileminds.net
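
A minimal sketch of the simplest kind of custom definition, a hash-based `.hdb` record (`MD5:size:name`), as an added example that is not part of the original thread. The function names, the `Local.Sample` prefix and the stand-in file contents are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path


def hdb_line(path, name):
    """Return one .hdb record: MD5 hex digest, size in bytes, signature name."""
    md5 = hashlib.md5()
    size = 0
    with open(path, "rb") as fh:
        # Stream the file so large samples are not read into memory at once.
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            size += len(chunk)
    # Fields are colon-separated, so keep the name to a conservative charset.
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    return f"{md5.hexdigest()}:{size}:{safe}"


def build_hdb(samples, prefix="Local.Sample"):
    """Build de-duplicated .hdb lines for an iterable of sample paths."""
    seen, lines = set(), []
    for p in map(Path, samples):
        line = hdb_line(p, f"{prefix}.{p.stem}")
        key = line.rsplit(":", 1)[0]   # hash:size identifies the content
        if key not in seen:            # same bytes under two names: one record
            seen.add(key)
            lines.append(line)
    return lines


def demo():
    # Constructed stand-in files; real use would pass the quarantined samples.
    with tempfile.TemporaryDirectory() as d:
        a = Path(d, "soxpeca.exe")
        a.write_bytes(b"constructed sample A")
        b = Path(d, "copy of A.exe")
        b.write_bytes(b"constructed sample A")
        c = Path(d, "noytcyr.exe")
        c.write_bytes(b"constructed sample B")
        return build_hdb([a, b, c])


if __name__ == "__main__":
    print("\n".join(demo()))
```

Saved to a file ending in `.hdb`, these lines are loaded by ClamAV when the file sits in its database directory next to the official databases or is passed with `clamscan -d`. A hash record matches only byte-identical copies of a sample, so a variant that differs by a single byte needs its own record or a content-based signature as described in signatures.pdf.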