ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Creating a Signature
al968


Joined: 24 Feb 2007
Posts: 37
Hello,

I am trying to create a signature file and I got the format; however, I am having a problem building it using sigtool. Do I need a Signing Service Address to make a signature?

Thanks

Al968
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1748
Please refer to http://www.clamav.net/doc/latest/signatures.pdf. You cannot have digitally signed signatures, however.
al968


Joined: 24 Feb 2007
Posts: 37
Thank you for your quick response,

I'm sorry, but I had read the PDF file and read it again; however, I don't see the answer to my question. Let me clarify my problem:
When I run sigtool with the option --build I get the following error:
"ERROR: build: --server is required for --build"

So can you clarify what I should do?

Thanks

Al968
al968


Joined: 24 Feb 2007
Posts: 37
Hello,

I have tried putting the "--server inc" parameter after it, but it gives me the following error message:

WARNING: build: Signatures in database: 13263, loaded by libclamav: 13262
WARNING: build: Please check the current directory and remove unnecessary databases
WARNING: build: or install the latest ClamAV version.
WARNING: build: CAN'T READ CVD HEADER OF CURRENT DATABASE ./daily.cvd

What should I do?

Thanks

Al968
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
You cannot build cvd right now because they require the clamav signing server; just keep the various files unpacked in the clamav db directory.
al968


Joined: 24 Feb 2007
Posts: 37
I would do that; however, now when I scan any file I get an error saying the database is malformed.

Any other suggestions?

Thanks

Al968
al968


Joined: 24 Feb 2007
Posts: 37
I found an alternate to my solution: I just added my detections to the daily.db located in the Daily inc folder.

Also, I would like to share those detections. Is that possible?

Thanks

Al968
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
I think it will interfere with the db update; you should put your .db file in the db directory and clamav will also get your signature db.
al968


Joined: 24 Feb 2007
Posts: 37
I have tried that; however, sometimes it doesn't work.

Al968
b0ne


Joined: 26 Oct 2006
Posts: 174
al968 wrote:
I have tried that however sometimes it doesn't work


Sometimes? Your signatures may not be matching the file then. I'd verify it using clamscan then...

Here's a pretty command line for you:

"c:\program files\clamwin\bin\clamscan.exe" --infected --show-progress --recursive --database="c:\program files\clamwin\db" --log="c:\program files\clamwin\log\clamscan.log" %1
al968


Joined: 24 Feb 2007
Posts: 37
OK

Thanks for the info.

So is there any way that I can share those detections? It's about 150 different detections; all of them are generic detections of either DOS viruses or Trojans.

Thanks

Al968
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1748
Can you please email your signatures along with the virus samples in a password-protected archive to alch at clamwin.com?
Thanks
al968


Joined: 24 Feb 2007
Posts: 37
Actually, I don't have the virus samples.
But all of the detections come from a collection including 90,000 viruses; however, I don't know which ones I used.
If you do a hex to text conversion you will see that all of the detections detect some malicious function such as deleting c:\windows\explorer.exe, so I am confident that there won't be any false positives.

Thanks

Al968
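An added example, not part of the thread or of ClamWin/ClamAV: one way to sanity-check a local .db file before placing it in the db directory, and to do the "hex to text conversion" mentioned above so each pattern can be reviewed. It assumes the basic `Name=HexSignature` line form from the ClamAV signature documentation and handles only hex byte pairs plus the `??` and `*` wildcards; the sample entries, `check_line`, `lint_db` and the `min_literal_bytes` threshold are constructed for illustration.

```python
import re

# Constructed sample file: names and patterns are made up for illustration.
SAMPLE_DB = """\
Local.Test.DelExplorer=64656c20633a5c77696e646f77735c6578706c6f7265722e657865
Local.Test.Wild=6465??20633a*2e657865
Local.Test.OddLength=64656c2
Local.Test.TooShort=6465
missing separator 64656c20
Local.Test.BadChar=64656cZZ
"""

# Assumption: only hex byte pairs and the ?? and * wildcards are understood;
# any other token is reported so it can be reviewed by hand.
TOKEN = re.compile(r"[0-9a-fA-F]{2}|\?\?|\*")

def check_line(line, min_literal_bytes=4):
    """Return (name, decoded_text, problems) for one Name=HexSignature line.

    min_literal_bytes is a hypothetical review threshold, not a ClamAV limit.
    """
    name, sep, sig = line.strip().partition("=")
    if not sep or not name or not sig:
        return None, "", ["not in Name=HexSignature form"]
    text, problems, run, longest, pos = [], [], 0, 0, 0
    while pos < len(sig):
        m = TOKEN.match(sig, pos)
        if not m:
            problems.append(f"malformed or unsupported token at offset {pos}")
            break
        tok, pos = m.group(), m.end()
        if tok in ("??", "*"):
            text.append(f"<{tok}>")  # keep wildcards visible in the decoded text
            run = 0
        else:
            byte = int(tok, 16)
            text.append(chr(byte) if 32 <= byte < 127 else ".")
            run += 1
            longest = max(longest, run)
    if not problems and longest < min_literal_bytes:
        problems.append(f"longest literal run is only {longest} bytes")
    return name, "".join(text), problems

def lint_db(text):
    """Map line number -> (name, decoded_text, problems) for non-empty lines."""
    return {n: check_line(l) for n, l in enumerate(text.splitlines(), 1) if l.strip()}

if __name__ == "__main__":
    for n, (name, decoded, problems) in lint_db(SAMPLE_DB).items():
        print(n, name, repr(decoded), problems or "ok")
```

A line that passes this check is only well-formed; whether it matches a given file still has to be confirmed with clamscan against the db directory.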