On 02/16/2010 10:20 PM, Tom Shaw wrote:
> Thanks SO much, Edwin!
>
> Is there a def of .fmt format?

You can look at the example in daily:

sigtool --unpack-current daily
cat daily.ftm

0:0:425a68:BZip:CL_TYPE_ANY:CL_TYPE_BZ

0: this is a static signature (no wildcards), anchored at an offset
0: offset 0
425a68: the hex signature
Bzip: description of file format (used in --debug output)
CL_TYPE_ANY: prerequisite filetype
CL_TYPE_BZ: the filetype

1:*:504b0304:ZIP-SFX:CL_TYPE_ANY:CL_TYPE_ZIPSFX

1: arbitrary offset/wildcard enabled
*: any offset
504b0304: hex signature
ZIP-SFX: description
CL_TYPE_ANY: prerequisite filetype
CL_TYPE_ZIPSFX: the filetype

Note that you can't introduce new CL_TYPE, the engine needs to be updated for that.
You can only improve the magic signatures for existing CL_TYPEs.

You shouldn't need to create .ftm signatures though.

Best regards,
--Edwin
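
The field layout described in the reply above, as an added example that is not part of the original post and is not ClamAV's own code: a small parser for the six fields plus a simplified matcher, useful for sanity-checking an .ftm line before relying on it. The names FtmSig, parse_ftm_line, load_ftm and identify are hypothetical; the handling of the prerequisite field and of fields beyond the six is an assumption, and only plain hex signatures are supported.

```python
from dataclasses import dataclass
from typing import List, Optional

# The two signatures quoted in the post above.
SAMPLE_FTM = """\
0:0:425a68:BZip:CL_TYPE_ANY:CL_TYPE_BZ
1:*:504b0304:ZIP-SFX:CL_TYPE_ANY:CL_TYPE_ZIPSFX
"""

@dataclass(frozen=True)
class FtmSig:
    wildcard: bool         # field 1: False for 0 (static), True for 1
    offset: Optional[int]  # field 2: None stands for "*" (any offset)
    magic: bytes           # field 3: hex signature, decoded
    name: str              # field 4: description
    required: str          # field 5: prerequisite filetype
    filetype: str          # field 6: the filetype

def parse_ftm_line(line: str) -> FtmSig:
    parts = line.strip().split(":")
    if len(parts) < 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}: {line!r}")
    # Assumption: anything after the six fields described in the post is ignored.
    kind, off, hexsig, name, required, filetype = parts[:6]
    if kind not in ("0", "1"):
        raise ValueError(f"signature type {kind!r} is not described in the post")
    offset = None if off == "*" else int(off)
    # bytes.fromhex raises ValueError on wildcard characters (unsupported here).
    return FtmSig(kind == "1", offset, bytes.fromhex(hexsig), name, required, filetype)

def load_ftm(text: str) -> List[FtmSig]:
    return [parse_ftm_line(l) for l in text.splitlines() if l.strip()]

def identify(data: bytes, sigs: List[FtmSig], current: str = "CL_TYPE_ANY") -> Optional[str]:
    """Return the filetype of the first matching signature, or None."""
    for sig in sigs:
        # Assumption: a prerequisite other than CL_TYPE_ANY must equal the current type.
        if sig.required not in ("CL_TYPE_ANY", current):
            continue
        if sig.offset is None:
            hit = sig.magic in data                       # "*": anywhere in the buffer
        else:
            hit = data.startswith(sig.magic, sig.offset)  # anchored at the offset
        if hit:
            return sig.filetype
    return None

if __name__ == "__main__":
    sigs = load_ftm(SAMPLE_FTM)
    print(identify(b"BZh91AY&SY", sigs))                         # constructed buffer
    print(identify(b"MZ" + b"\x00" * 32 + b"PK\x03\x04", sigs))  # constructed buffer
```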