> On Mon, 26 Jan 2009, Tom Shaw wrote:
> Local.zoosextour:4:*:0a0a687474703a2f2f{-50}2f7a6f6f736578746f75720a0a
Just to add something that confused me for a while... lf *or* cr/lf ;)
If you use 0a0a, it'll only work on non-Windows systems.
If you use 0d0a0d0a, it'll only work on Windows systems.
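
The LF versus CR/LF point above, as an added example that is not part of the original thread: Python code that translates a subset of the hex-signature wildcards into a byte regex and runs the thread's signature against the same body with both line endings. The helper names, the CRLF variant of the signature and the sample bodies are constructed for illustration; `{-50}` is read as "50 or fewer bytes" and only the `*` offset is handled.

```python
import re

def parse_ndb(line):
    """Split MalwareName:TargetType:Offset:HexSignature[:Min[:Max]] (hypothetical helper)."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return {"name": name, "target": int(target), "offset": offset, "hexsig": hexsig}

def hexsig_to_regex(hexsig):
    """Translate plain hex bytes, ??, * and {n} / {-n} / {n-} / {n-m} gaps to a bytes regex."""
    out, i = [], 0
    while i < len(hexsig):
        if hexsig[i] == "*":                      # any number of bytes
            out.append(b".*")
            i += 1
        elif hexsig[i] == "{":                    # bounded gap
            end = hexsig.index("}", i)
            lo, sep, hi = hexsig[i + 1:end].partition("-")
            if not sep:                           # {n}: exactly n bytes
                hi = lo
            out.append(b".{%s,%s}" % (lo.encode() or b"0", hi.encode()))
            i = end + 1
        elif hexsig[i:i + 2] == "??":             # any single byte
            out.append(b".")
            i += 2
        else:                                     # literal byte
            out.append(re.escape(bytes.fromhex(hexsig[i:i + 2])))
            i += 2
    return re.compile(b"".join(out), re.DOTALL)

def matches(sig_line, data):
    """True if the signature body matches anywhere in data (offset '*' only)."""
    sig = parse_ndb(sig_line)
    return hexsig_to_regex(sig["hexsig"]).search(data) is not None

# Signature as posted in the thread (LF line endings).
SIG_LF = "Local.zoosextour:4:*:0a0a687474703a2f2f{-50}2f7a6f6f736578746f75720a0a"
# Constructed CRLF variant of the same signature.
SIG_CRLF = ("Local.zoosextour.crlf:4:*:"
            "0d0a0d0a687474703a2f2f{-50}2f7a6f6f736578746f75720d0a0d0a")
# Constructed sample bodies: same text, different line endings.
BODY_LF = b"Hello\n\nhttp://example.invalid/zoosextour\n\nbye\n"
BODY_CRLF = BODY_LF.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for sig in (SIG_LF, SIG_CRLF):
        for label, body in (("LF", BODY_LF), ("CRLF", BODY_CRLF)):
            print(parse_ndb(sig)["name"], label, matches(sig, body))
```

Each variant matches only the body with its own line endings, so covering both kinds of input takes both signatures.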
On 2009-01-27 15:16, scott.larn...@ed.ac.uk wrote:
> On Mon, 26 Jan 2009, Tom Shaw wrote:
>
>> * 0 = any file
>> * 1 = Portable Executable
>> * 2 = OLE2 component (e.g. a VBA script)
>> * 3 = HTML (normalised)
>> * 4 = Mail file
>> * 5 = Graphics
>> * 6 = ELF
>> * 7 = ASCII text file (normalised)
>>
On 2009-01-26 20:45, Tom Shaw wrote:
> I have run into some problems creating rules. I
> am trying to create phish rules as
>
> R[Filter]:RealURL:DisplayedURL[:FuncLevelSpec]
> or
> MalwareName:TargetType:Offset:HexSignature[:MinEngineFunctionalityLevel:[Max]]
>
> and I am having two problems.
>
>
On Mon, 26 Jan 2009, Tom Shaw wrote:
* 0 = any file
* 1 = Portable Executable
* 2 = OLE2 component (e.g. a VBA script)
* 3 = HTML (normalised)
* 4 = Mail file
* 5 = Graphics
* 6 = ELF
* 7 = ASCII text file (normalised)
but how does clamd tell what kind of file it is
so it knows what rule types ne
I have run into some problems creating rules. I
am trying to create phish rules as
R[Filter]:RealURL:DisplayedURL[:FuncLevelSpec]
or
MalwareName:TargetType:Offset:HexSignature[:MinEngineFunctionalityLevel:[Max]]
and I am having two problems.
First problem has to do with UTF/UNICODE
characters