On 04/13/2010 01:51 PM, Andre Hübner wrote:
Hello,
iam looking for the best way to create a signature on ELF Binaries.
Type 6 .ndb signatures, see signatures.pdf.
Currently i use a md5-checksum but i dont know this will be enough.
Small changes on file results in different checksum.
Fore text-files i did some hex-dumps on special fileparts which works good, but
seems not to be a practicable way for binaries.
Create a signature for some unique code sequence specific to it for example.
my current problemfile ist uploaded by ftp and opend by http. file sends spam
without using local mailserver by direct-talking to other mailservers and was
deleted after this by ftp.
I did just catch it because i denied deleting in ftp.
Thanks,
Andre
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
