ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
HDB Signatures For Linux FontOnLake Malware

Joined: 09 Jul 2006
Posts: 4766
Location: USA
Reply with quote
I don't do many Linux (Elf format) signatures, but below are some signatures for this malware which has been around for a while. It hides in Linux utlities that are downloaded from the web, and there is a rootkit involved also. I have signatures for several utilites, the rootkits, and an injector file.

Copy the HDB signature(s) to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing HDB file if you already have one there. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.hdb. Select file type All Files to prevent .txt or .text from being used at the end of the filename. ClamWin is unable to recognize a text file as a signature and will give a corrupt database warning. After saving the file to the ClamWin db program folder, scan something with ClamWin to make sure the signature works--delete the signature file if it does not, or remove the signature from an existing HDB file if you put it there and save the file as it was.

HDB signatures are signatures for an entire malware file. These are for Linux malware, so they could last for a month or much longer (rootkits are not common--especially Linux, and rootkits take some time to prepare). I would delete these signatures about 3 months after they were prepared. The last section of each signature tells the month/date/time the signature was prepared (101021.1529 is October 10, 2021 at 3:29 pm).


View user's profileSend private message
HDB Signatures For Linux FontOnLake Malware
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

 Reply to topic