Andre Hübner wrote: >>> So why don't you just submit the sample at clamav.net/sendvirus? > >ok, i did that yesterday but iam afraid this is not the kind of mailware >which will >included in official virus-db. >the other thing is that i already sometimes submitted a virussample but >never got feedback. >i have to be sure that this malware gets scanned by my machines and dont >want to >stay in insecure status if malware gets included in official virus-db or >not.
On Linux, the easiest tool to pick out bits of an executable file is xxd, which gives you a hex dump of it. In the Windows world, the Notepad++ editor has a hexdump plugin. Presumably it is possible to translate a hex sequence into a clamav signature. Moray. "To err is human. To purr, feline" _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
