 |
 | Creating a Signature |  |
|
al968
|
|
Hello,
I am trying to create a signature file and I got the format however I am having a problem building it using the sigttool, Do I need a Signing Service Adress to make a signature ? Thanks Al968 |
|||||||||||
|
|||||||||||||
 |
| |
|
alch
Site Admin
|
|
please refer to https://www.clamav.net/doc/latest/signatures.pdf. You cannot have digitally signed signtaures however
|
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
Thank You for your quick responce,
I'm sorry but I had read the pdf File and read it again however I don't see the answer to my question, let me clarify my problem: When I run the sigtool with the option --build I get the following error: "ERROR: build: --server is required for --build" So can you clarify what I should do. Thanks Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
Hello,
I have tried putting the "--server inc" parameter after but it gives me the following error message: WARNING: build: Signatures in database: 13263, loaded by libclamav: 13262 WARNING: build: Please check the current directory and remove unnecessary databases WARNING: build: or install the latest ClamAV version. WARNING: build: CAN'T READ CVD HEADER OF CURRENT DATABASE ./daily.cvd What should I do ? Thanks Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
you cannot build cvd right now because they require clamav signing server, just keep various files unpacked in the clamav db directory
|
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
I would do that however now when I scan any file I get an error saying the database is malformed
Any other suggestion? Thanks Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
I found an alternate to my sollution, I just added my detections to the daily.db located in the Daily inc folder.
Also I would like to share those detections is that possible ? Thanks Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
I think it will interfere with db update, you should put your .db file in db directory and clamav will get also your signature db
|
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
I have tried that however sometimes it doesn't work
Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
b0ne
|
|
Sometimes? Your signatures may not be matching the file then. I'd verify it using clamscan then... Here's a pretty command line for you: "c:\program files\clamwin\bin\clamscan.exe" --infected --show-progress --recursive --database="c:\program files\clamwin\db" --log="c:\program files\clamwin\log\clamscan.log" %1 |
|||||||||||||
|
|||||||||||||||
|
| |
|
al968
|
|
OK
Thanks for the info 
So is there any way that I can share those detections, its about 150 different Detection; all of them are Generic Detections of either DOS viruses or Trojans. Thanks Al968 |
|||||||||||
|
|||||||||||||
|
| |
|
alch
Site Admin
|
|
Can you please email your signatures along with the virus samples in a password protected archive to alch at clamwin.com?
Thanks |
|||||||||||
|
|||||||||||||
|
| |
|
al968
|
|
Actually I don't have the virus samples
But all of the detections come from a collection including 90,000 viruses; however I don't know which one I used. If you do a hex to text conversion you will see that all of the detections detect some malicious function such as deleting c:\windows\explorer.exe so I confident that there won't be any false possitive. Thanks Al968 |
|||||||||||
|
|||||||||||||
|
 | Creating a Signature | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.