Re: [clamav-users] need help creating signatures

Fri, 25 Sep 2015 02:11:28 -0700 

Hallo,

Am 25.09.2015 um 09:00 schrieb Al Varnell:

In order to get feedback you must join the clamav-virusdb mailing-list 
<http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.


but why a mailadress is asked at creating a malware-report?


not easy to subscribe to virus-database list. complete lists.clamav.net 
seems working only for seconds. most of the time i got request-timeouts.

i think 10th attempt was successful.



Hopefully someone will come along and give you something to work with while you 
are waiting.

-Al-

On Thu, Sep 24, 2015 at 11:56 PM, Hajo Locke wrote:

Hello,


Am 25.09.2015 um 08:32 schrieb Al Varnell:

Why not just submit them to the ClamAV signature team so that all of us will 
benefit from what you’ve found?

ok, i did create the malware report. in past i submitted some times FP or 
malware but never got any answer or reaction. So i thought creating signatures 
by my own is faster.
I think in this moment this malware is used to send spam on one of our servers.


<http://www.clamav.net/report/report-malware.html>

-Al-

On Thu, Sep 24, 2015 at 11:27 PM, Hajo Locke wrote:

Hello,

these days we see new type of php-malware.  Malware occurs in many different 
files, but all expand to same php-malware.

for examle here i have 4 files i have found:
http://pastebin.com/TzudTPPt

All files expand to something like this and are used to send spam:
http://pastebin.com/jhVRMwpE

I dont find big similarities to create one powerful signature. Need help to 
create one signature. Otherwise i had to create one signature for each file.
Please give me a hint in this case.

Thanks,
Hajo


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hajo
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-


_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Hajo

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml






















					Reply via email to