Hello, I'm trying to create signatures for clamav, to detect exe and mp3 files. Seems to work for exe, but strangely not for mp3, despite the fact I did excatly the same in both cases:
Getting signatures for both files: alex:~$ dd if=exefile.exe count=1 | sigtool --hex-dum 1+0 Datensätze ein 1+0 Datensätze aus 512 Bytes (512 B) kopiert, 2.9117e-05 s, 17.6 MB/s 4d5a90000300000004000000ffff0000b8000000000000004000000000[...] alex:~$ dd if=mp3file.mp3 count=1 | sigtool --hex-dump 1+0 Datensätze ein 1+0 Datensätze aus 512 Bytes (512 B) kopiert, 2.9032e-05 s, 17.6 MB/s 49443303000000000e4c5452434b00000005000000322d303954454e43[...] Creating custom ndb: alex:~$ cat /var/lib/clamav/notallowed.ndb filetype.not.allowed.mp3:0:*:4944?? filetype.not.allowed.exe:0:*:4d5a?? Testing: alex:~$ clamscan exefile.exe exefile.exe: filetype.not.allowed.exe.UNOFFICIAL FOUND ----------- SCAN SUMMARY ----------- Known viruses: 3494613 Engine version: 0.98.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.07 MB Data read: 0.07 MB (ratio 1.00:1) Time: 6.339 sec (0 m 6 s) alex:~$ clamscan mp3file.exe mp3file.exe: OK ----------- SCAN SUMMARY ----------- Known viruses: 3494613 Engine version: 0.98.1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.00 MB Data read: 4.87 MB (ratio 0.00:1) Time: 6.332 sec (0 m 6 s) What did I do wrong? alex _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
