Arnaud thanks for your help man, it worked!
I much appreciate your help :)
. . . . .
> On May 5, 2017, at 11:56 AM, Arnaud Jacques / SecuriteInfo.com
> wrote:
>
> Hello,
>
>> $ sigtool --mdb * > home/test/Documents/CustomDB.mdb
>>
>> But when i do clamscan and let clam use this database it
Hello,
> $ sigtool --mdb * > home/test/Documents/CustomDB.mdb
>
> But when i do clamscan and let clam use this database it does not detect any
> malware sample! I did the following:
>
> /Downloads/exe$ clamscan -r -d /home/teat/Documents/CustomDB.mdb
You make different errors, including typo er
From "signatures.pdf" para 3.1.3:
> The easiest way to generate MD5 based section signatures is to extract target
> PE sections into separate files and then run sigtool with the option --mdb
-Al-
On Fri, May 05, 2017 at 12:47 AM, Abdullah AL-Mutairy wrote:
>
> Hello everyone!
>
> I'm having a
Dave,
Thank you for the information. I'll proceed with an alternative mechanism
to accomplish this (basically run the scan twice, one with md5 db and one
with the hex db).
Cheers!
Nathan
On Thu, Jun 7, 2012 at 7:36 AM, David Raynor wrote:
> Nathan,
>
> The scanning functions inside libclamav
Nathan,
The scanning functions inside libclamav run in a certain order, and once it
detects an infection inside a file it short-circuits further scanning. For
example, smaller offsets are checked before larger offsets. There is no way
to change the order by changing configuration.
Dave R.
--
Dav
